VYPR

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

ClassDraftLikelihood: High

Description

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79

CVEs mapped to this weakness (7,319)

page 123 of 366
  • CVE-2017-0425MedFeb 8, 2017
    risk 0.36cvss 5.5epss 0.01

    An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions:…

  • CVE-2017-0424MedFeb 8, 2017
    risk 0.36cvss 5.5epss 0.01

    An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit…

  • CVE-2017-0421MedFeb 8, 2017
    risk 0.36cvss 5.5epss 0.01

    An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that…

  • CVE-2017-0420MedFeb 8, 2017
    risk 0.36cvss 5.5epss 0.01

    An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the…

  • CVE-2017-0414MedFeb 8, 2017
    risk 0.36cvss 5.5epss 0.01

    An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the…

  • CVE-2017-0413MedFeb 8, 2017
    risk 0.36cvss 5.5epss 0.01

    An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the…

  • CVE-2015-5677MedFeb 7, 2017
    risk 0.36cvss 5.5epss 0.01

    bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file.

  • CVE-2017-5595MedFeb 6, 2017
    risk 0.36cvss 5.5epss 0.00

    A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the…

  • CVE-2017-5550MedFeb 6, 2017
    risk 0.36cvss 5.5epss 0.00

    Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release…

  • CVE-2016-8963MedFeb 1, 2017
    risk 0.36cvss 5.5epss 0.00

    IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user.

  • CVE-2016-2941MedFeb 1, 2017
    risk 0.36cvss 5.5epss 0.00

    IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user.

  • CVE-2016-8981MedFeb 1, 2017
    risk 0.36cvss 5.5epss 0.00

    IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system.

  • CVE-2016-3996MedJan 27, 2017
    risk 0.36cvss 5.5epss 0.01

    ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application.

  • CVE-2017-0398MedJan 13, 2017
    risk 0.36cvss 5.5epss 0.00

    An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions:…

  • CVE-2016-10135MedJan 13, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are…

  • CVE-2017-0402MedJan 12, 2017
    risk 0.36cvss 5.5epss 0.00

    An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive…

  • CVE-2017-0401MedJan 12, 2017
    risk 0.36cvss 5.5epss 0.00

    An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used…

  • CVE-2017-0400MedJan 12, 2017
    risk 0.36cvss 5.5epss 0.00

    An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive…

  • CVE-2017-0399MedJan 12, 2017
    risk 0.36cvss 5.5epss 0.00

    An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used…

  • CVE-2017-0397MedJan 12, 2017
    risk 0.36cvss 5.5epss 0.00

    An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without…