CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,195 vulnerabilities with CWE-200
CVE-2014-3481
Red Hat JBoss Enterprise Application Platform < 6.2.4 - XML External Entity Injection
CVE-2014-0894
IBM Algo Credit Limits 4.5.0-4.7.0 - Exposure of Sensitive Information via XML Document
CVE-2014-0871
IBM Algo Credit Limits 4.5.0-4.7.0 - Exposure of Sensitive Information via Non-Printing Cookie Characters
CVE-2014-4721
PHP <5.4.30, 5.5.x <5.5.14 - Info Disclosure
CVE-2014-4692
pfSense < 2.1.4 - Session Cookie Exposure via Missing HTTPOnly Flag
CVE-2014-3066
IBM Tivoli Endpoint Manager 9.1 - Exposure of Sensitive Information via XML External Entity Injection
CVE-2014-3494
Opensuse - Information Disclosure
CVE-2014-1361
Apple macOS X and iOS - Unauthorized Memory Exposure via DTLS Message in TLS Connection
CVE-2014-1317
macOS < 10.9.4 - Unprotected User Data Exposure via iBooks Commerce Log
CVE-2014-4669
HP Enterprise Maps 1.00 - Info Disclosure
CVE-2014-0891
IBM Websphere Application Server - Information Disclosure
CVE-2014-4027
Linux kernel <3.14 - Info Disclosure
CVE-2014-1739
Linux kernel <3.14.6 - Info Disclosure
CVE-2014-3296
Cisco WebEx Meeting Server < 1.5(1.131) - Sensitive Meeting Information Exposure
CVE-2014-4153
AlienVault OSSIM <4.8.0 - Info Disclosure
CVE-2014-2000
NTT 050 plus <4.2.1 - Info Disclosure
CVE-2014-3249
Puppet Enterprise 2.8.x - Exposure of Sensitive Information via Node Hiding/Unhiding
CVE-2014-1777
Microsoft Internet Explorer <11 - Info Disclosure
CVE-2014-0220
Cloudera Manager <4.8.3, <5.0.1 - Info Disclosure
CVE-2014-3917
Linux kernel <3.14.5 - Info Disclosure
CVE-2014-3956
sendmail <8.14.9 - Local Privilege Escalation
CVE-2014-3946
TYPO3 6.2.0-6.2.2 - Info Disclosure
CVE-2014-0217
Moodle 2.6.x <2.6.3 - Info Disclosure
CVE-2014-0215
Moodle <2.4.10-2.6.3 - Info Disclosure
CVE-2014-3867
IBM Sametime 8.x-8.5.2.1 and 9.x-9.0.0.1 - Exposure of Sensitive Information via Missing HTTPOnly Flag
Details
Vulnerabilities 10,195
Exploit Likelihood High