CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,195 vulnerabilities with CWE-200
CVE-2014-3801
OpenStack Heat 2013.2-2013.2.3 and 2014.1 - Authenticated Provider Template URL Exposure via Resource-Type-List
CVE-2014-3803
Google Chrome < 35.0.1916.114 - Unauthenticated Exposure of Sensitive Information via SpeechInput Feature
CVE-2014-2199
Cisco WebEx Suite 27-29 & Meetings Server <1.5(.1.131) - Sensitive Meeting Info Exposure
CVE-2014-3787
SAP NetWeaver < 7.20 - Unauthenticated Exposure of Sensitive Information via SAP CUA Tables
CVE-2014-1808
Microsoft Office <2013 - Info Disclosure
CVE-2014-0521
Adobe Reader and Acrobat 10.x < 10.1.10 and 11.x < 11.0.07 - Information Disclosure via JavaScript API
CVE-2014-3242
SOAPpy 0.12.5 - XML External Entity Injection via SOAP Request
CVE-2014-2301
OrbiTeam BSCW <5.0.8 - Info Disclosure
CVE-2014-1738
Linux kernel <3.14.3 - Info Disclosure
CVE-2014-0946
IBM Operational Decision Manager 7.5-8.5 - Exposure of Sensitive Information via RES Console Cache-Control Headers
CVE-2014-0134
OpenStack Compute (Nova) <2013.2.3-2014.1 - Info Disclosure
CVE-2014-2347
Amtelco miSecureMessages <6.2 - Info Disclosure
CVE-2014-0896
IBM WebSphere Application Server Liberty Profile 8.5.x - Exposure of Sensitive Information via Crafted Request
CVE-2014-0823
IBM WebSphere Application Server 8.x < 8.0.0.9 and 8.5.x < 8.5.5.2 - Arbitrary File Read via Crafted URL
CVE-2014-0857
IBM WebSphere Application Server 8.x < 8.0.0.9 and 8.5.x < 8.5.5.2 - Authenticated Sensitive Information Exposure
CVE-2014-0786
Ecava IntegraXor < 4.1.4393 - Unauthenticated Cleartext Credential Exposure via SELECT Statements
CVE-2014-3129
SAP NetWeaver Software Lifecycle Manager - Exposure of Sensitive Information via Java Server Pages
CVE-2014-2545
TIBCO Slingshot < 1.9.0 - Exposure of Sensitive Information via Crafted HTTP Request
CVE-2014-2185
Cisco Unified Communications Manager - Info Disclosure
CVE-2014-2383
dompdf < 0.6.1 - Arbitrary File Read via PHP Wrapper in input_file Parameter
CVE-2014-2392
Open-Xchange AppSuite <7.4.2 - Info Disclosure
CVE-2014-2391
Open-Xchange AppSuite < 7.2.2 - Exposure of Sensitive Information via Password Recovery Service
CVE-2014-0892
IBM Notes and Domino 8.5.x-8.5.3 FP6 IF3 and 9.x-9.0.1 FP1 - Remote Code Execution via Missing NX Protection
CVE-2014-2983
Drupal 6.x < 6.31 and 7.x < 7.27 - Unauthenticated Exposure of Sensitive Information via Cached Form Data
CVE-2014-1322
macOS < 10.9.2 - Unprotected Kernel Pointer Exposure via XNU Object Attribute
Details
Vulnerabilities 10,195
Exploit Likelihood High