CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,195 vulnerabilities with CWE-200
CVE-2013-6330
IBM WebSphere Application Server 7.x < 7.0.0.31 - Authenticated Sensitive Information Exposure via Static File Caching
CVE-2013-3713
openSUSE 13.1 KDE aaa_base < 16.26.1 - Unauthorized Information Exposure via Root User in Users Group
CVE-2013-7281
Linux kernel <3.12.4 - Info Disclosure
CVE-2013-6480
Apache Libcloud 0.12.3-0.13.2 - Exposure of Sensitive Information via DigitalOcean Destroy API
CVE-2013-6419
OpenStack Havana < 2013.2.1 - Exposure of Sensitive Metadata via Spoofed Device ID
CVE-2013-6953
BlogEngine.NET < 2.8 - Unauthenticated Exposure of Sensitive Information via sioc.axd Request
CVE-2013-7249
Fat Free CRM <0.12.1 - Info Disclosure
CVE-2013-7224
Fat Free CRM <0.12.1 - Info Disclosure
CVE-2013-6978
Cisco Unified Communications Manager < 9.1(1) - Authenticated Sensitive Information Exposure via DRS HTML Source
CVE-2013-4070
IBM SPSS Collaboration and Deployment Services 4.2.1-4.2.1.3 IF3 and 5.0-FP3 - Password Exposure
CVE-2013-4069
IBM SPSS Collaboration and Deployment Services 4.2.1-5.0 - XML External Entity Injection in Portal Application
CVE-2013-4044
IBM SPSS Collaboration and Deployment Services 4.2.1-5.0 - Sensitive Information Exposure via Direct HTTP Request
CVE-2013-5452
IBM FileNet Business Process Framework 4.1.0 - SSRF
CVE-2013-5422
IBM Rational ClearQuest <8.0.0.9 - Info Disclosure
CVE-2013-7005
D-Link DSR-150/250/500/1000 Firmware - Cleartext Password Storage in Configuration File
CVE-2013-4775
NETGEAR ProSafe Firmware - Sensitive Information Exposure via Direct Request
CVE-2013-5440
IBM InfoSphere Information Server <9.1 - Info Disclosure
CVE-2013-6973
Cisco WebEx Training Center - Exposure of Sensitive Information via Crafted URL
CVE-2013-6972
Cisco WebEx Training Center - Unauthenticated Session Number Exposure via HTML Source Code
CVE-2013-6970
Cisco WebEx Meeting Center - Information Exposure via Verbose Error Messages
CVE-2013-6968
Cisco WebEx Training Center - Unauthenticated User Enumeration via Registration Error Messages
CVE-2013-6709
Cisco WebEx Training Center - Unauthorized Audio Conference Access via Registration URL
CVE-2013-4569
MediaWiki <1.19.9, <1.20.x-1.20.8, <1.21.x-1.21.3 - Info Disclosure
CVE-2013-6052
OpenJPEG < 1.3 - Heap-Based Out-of-Bounds Read
CVE-2013-6672
Opensuse < 26.0 - Information Disclosure
Details
Vulnerabilities 10,195
Exploit Likelihood High