CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,195 vulnerabilities with CWE-200
CVE-2013-6741
IBM Maximo Asset Management 7.x < 7.1.1.7 and 7.5.x < 7.5.0.5 - Sensitive Information Exposure
CVE-2013-2998
IBM Maximo Asset Management and SmartCloud Control Desk - Sensitive Information Exposure via Invalid action_code
CVE-2013-3984
IBM Sametime 8.x-8.5.2.1 and 9.x-9.0.0.1 - Unauthenticated Sensitive Cookie Exposure via Missing Secure Flag
CVE-2013-3982
IBM Sametime 8.x-8.5.2.1 and 9.x-9.0.0.1 - Unauthenticated Exposure of Sensitive Information via Public Page
CVE-2013-6472
MediaWiki <1.19.10, 1.2x<1.21.4, 1.22.x<1.22.1 - Unauthorized Exposure of Deleted Page Info
CVE-2013-0174
Foreman < 1.0 - Exposure of Sensitive Information via ENC API
CVE-2013-7060
Plone 3.3-4.3.2 - Unauthenticated Installation Path Exposure via FactoryTool File Object
CVE-2013-7373
Android < 4.4 - Exposure of Sensitive Information via OpenSSL PRNG Seeding
CVE-2013-7111
BaseSpace Ruby SDK 0.1.7 - Info Disclosure
CVE-2013-4279
imapsync < 1.564 - Unauthenticated Exposure of Sensitive Information via Release Check
CVE-2013-2086
owncloud_server - Exposure of Sensitive Information via JavaScript File
CVE-2013-4194
Plone 2.1-4.1 4.2.x-4.2.5 4.3.x-4.3.1 - Information Disclosure via WYSIWYG Component Error Message
CVE-2013-6493
IcedTea-Web < 1.4.2 - Local Information Disclosure via Predictable Socket File
CVE-2013-4590
Apache Tomcat <6.0.39, 7.x <7.0.50, 8.x <8.0.0-RC10 - Info Disclosure
CVE-2013-6656
Google Chrome < 33.0.1750.117 - Information Exposure via XSS Auditor POST Request Handling
CVE-2013-6440
OpenSAML < 2.6.1 - XML External Entity Injection via Entity Reference Expansion
CVE-2013-6024
F5 BIG-IP APM 10.x-14.x, BIG-IP Edge Gateway 10.x-11.x, and FirePass 7.0.0 - Sensitive Information Exposure
CVE-2013-7130
OpenStack Compute - Info Disclosure
CVE-2013-2074
kdelibs < 4.10.3 - Credential Exposure via HTTP Error Message
CVE-2013-4739
codeaurora android-msm - Exposure of Sensitive Information via MSM_MCR_IOCTL_EVT_GET or MSM_JPEG_IOCTL_EVT_GET
CVE-2013-4043
IBM SPSS Collaboration and Deployment Services 4.x-4.2.1.2, 5.x-5.0 FP2, 6.x-6.0 - Unauthenticated Arbitrary File Read
CVE-2013-7299
Tntnet < 2.2.1 - Exposure of Sensitive Information via Malformed HTTP Header
CVE-2013-6447
JBoss Seam 2 Framework < 2.3.1 - XML External Entity Injection in Remoting Handlers
CVE-2013-1923
nfs-utils < 1.2.8 - Unauthorized File Access via DNS Spoofing in rpc-gssd
CVE-2013-0157
util-linux - Exposure of Sensitive Information via Directory Existence Error Messages
Details
Vulnerabilities 10,195
Exploit Likelihood High