CWE-200

EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to…

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authenticated attacker to access report data that should be restricted to authorized users. IBM X-Force ID: 122788.

IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528.

Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors.

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view.

Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. This bug could allow a user with restricted permissions to view data they should not have access to when performing certain operations against an…

Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames.

IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,

IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907.

Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OXI Interface). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily "exploitable" vulnerability…

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Room Image/Picture Setup). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily "exploitable"…

IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254.

IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a vulnerability that would allow an authorized user to obtain sensitive information from the profile of a higher privileged user that they should not have access to. IBM X-Force ID: 118536.

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.

Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.

Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.

IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539.