CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,146 vulnerabilities with CWE-200
CVE-2023-52234 MEDIUM
Booster Elite for WooCommerce < 7.1.2 - Authenticated Order Information Exposure
CVSS 6.5
CVE-2023-52231 MEDIUM
Booster Plus for WooCommerce < 7.1.2 - Authenticated Exposure of Sensitive Order Information
CVSS 6.5
CVE-2023-27630 MEDIUM
PeepSo Community <6.0.9.0 - Info Disclosure
CVSS 5.3
CVE-2023-25965 MEDIUM
mbbhatti Upload Resume <1.2.0 - Info Disclosure
CVSS 5.9
CVE-2023-50894 HIGH
Janitza GridVis <= 9.0.66 - Authenticated Sensitive Information Exposure via Hardcoded Credentials
CVSS 8.8
CVE-2023-48296 MEDIUM
OroPlatform 4.1.0-5.1.3 - Exposure of Sensitive Information via Navigation History
CVSS 4.3
CVE-2023-45824 MEDIUM
OroPlatform 4.2.0-5.1.3 - Authenticated Exposure of Sensitive Information via Pinned Page State
CVSS 4.3
CVE-2023-49981 HIGH
School Fees Management System 1.0 - Unauthenticated Directory Listing
CVSS 7.5
CVE-2023-40278 HIGH
OpenClinic GA 5.247.01 - Information Disclosure via AppointmentUid Parameter
CVSS 7.5
CVE-2023-40276 CRITICAL
OpenClinic GA 5.247.01 - Unauthenticated File Download via pharmacy/exportFile.jsp
CVSS 9.1
CVE-2023-40275 CRITICAL
OpenClinic GA 5.247.01 - Unauthenticated Exposure of Sensitive Information via Patient List Retrieval
CVSS 9.1
CVE-2023-28826 MEDIUM
iOS <16.7.6-iPadOS <16.7.6-macOS <12.7.4-<14.1-<13.6.5 - Info Discl...
CVSS 5.5
CVE-2023-48644 MEDIUM
Archibus 4.0.3 - Stored Cross-Site Scripting via Maintenance Module Description Field
CVSS 6.1
CVE-2023-50324 MEDIUM
IBM Cognos Command Center 10.2.4.1 and 10.2.5 - Exposure of Sensitive Information via X-AspNet-Version Response Header
CVSS 5.3
CVE-2023-6922 MEDIUM
Acurax <= 2.6 - Authenticated Sensitive Information Exposure
CVSS 4.3
CVE-2023-52097 HIGH
Huawei EMUI and HarmonyOS - Foreground Service Restrictions Bypass in NMS Module
CVSS 7.5
CVE-2023-21833 MEDIUM
Oracle ZFS Storage Appliance Kit <8.8 - Info Disclosure
CVSS 4.3
CVE-2023-44253 MEDIUM
FortiAnalyzer 7.4.0-7.4.1 and < 7.2.5 - Unauthorized Information Exposure via ADOM Enumeration
CVSS 5.0
CVE-2023-51787 HIGH
Wind River VxWorks <7.22.09-7.23.03 - Memory Corruption
CVSS 7.5
CVE-2023-28077 MEDIUM
Dell BSAFE SSL-J < 6.5.1 and 7.0-7.1 - Information Disclosure via Debug Messages
CVSS 4.4
CVE-2023-50298 HIGH
Apache Solr 6.0.0-8.11.2, 9.0.0-9.4.0 - Exposure of Sensitive Information via Streaming Expression zkHost Parameter
CVSS 7.5
CVE-2023-46183 MEDIUM
IBM PowerVM Hypervisor - Info Disclosure
CVSS 5.3
CVE-2023-33851 MEDIUM
IBM PowerVM Hypervisor - Info Disclosure
CVSS 5.3
CVE-2023-44312 MEDIUM
Apache ServiceComb Service-Center < 2.1.0 - Exposure of Sensitive Information
CVSS 5.8
CVE-2023-52187 MEDIUM
Image Source Control Lite < 2.17.0 - Sensitive Data Exposure via Log File
CVSS 5.3
Details
Vulnerabilities 10,146
Exploit Likelihood High