CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,213 vulnerabilities with CWE-200
CVE-2009-0504
IBM WebSphere Application Server < 7.0 - Exposure of Sensitive Information via WSPolicy IDAssertion
CVE-2009-0437
IBM WebSphere Application Server <6.0.2 - Info Disclosure
CVE-2009-0434
IBM WebSphere Application Server <7.0.0.1 - Info Disclosure
CVE-2009-0453
Online Grades 3.2.4 - Info Disclosure
CVE-2009-0474
Rockwell Automation ControlLogix - Info Disclosure
CVE-2009-0358
Mozilla Firefox <3.0.6 - Info Disclosure
CVE-2009-0274
Novell GroupWise - Exposure of Sensitive Information via Crafted URL
CVE-2009-0391
IBM WebSphere Application Server (WAS) 6.0.1 - Info Disclosure
CVE-2009-0348
Sun Java System Access Manager - Info Disclosure
CVE-2009-0320
Microsoft Windows XP- Vista - Info Disclosure
CVE-2009-0278
Sun Java System AS <8.2 - Info Disclosure
CVE-2009-0123
Apple Safari - Unauthenticated Arbitrary File Read via RSS Feed URL Handler
CVE-2009-0041
Asterisk Business Edition < B.2.5.2 and < C.1.0 - Unauthenticated Username Enumeration via IAX2 Login Response
CVE-2008-5083 MEDIUM
JBoss Operations Network 2.1.0-2.1.2 - Exposure of Sensitive Information
CVSS 6.5
CVE-2008-7292
Bugzilla <2.20.5, <2.22.3, <3.0.3 - Info Disclosure
CVE-2008-7281
OTRS < 2.2.7 - Unauthorized Exposure of Bcc Recipient E-mail Addresses
CVE-2008-7268
SiteEngine 5.x - Exposure of Sensitive Information via phpinfo Action Parameter
CVE-2008-7187
Coppermine Photo Gallery <1.4.14 - Info Disclosure
CVE-2008-7154
Docebo < 3.5.0.3 - Unauthenticated Sensitive Information Exposure via Direct Request
CVE-2008-7146
IntraLearn < 4.2 - Exposure of Sensitive Information via Direct Request to Help Pages
CVE-2008-7143
phpBB 2.0.23 - Session Hijacking via Referer Header Exposure
CVE-2008-7069
All Club CMS <= 0.0.2 - Exposure of Sensitive Information via Direct Request to accms.dat
CVE-2008-7063
Ocean12 FAQ Manager Pro - Unauthenticated Sensitive Data Exposure via Direct Database Request
CVE-2008-6999
phpAuction 3.2 and possibly 3.3.0 GPL Basic - Exposure of Sensitive Information via phpinfo.php
CVE-2008-6981
phpAdultSite CMS - Exposure of Sensitive Information via Invalid results_per_page Parameter
Details
Vulnerabilities 10,213
Exploit Likelihood High