VYPR

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

ClassDraftLikelihood: High

Description

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79

CVEs mapped to this weakness (6,463)

page 149 of 324
  • CVE-2016-5233LowJun 10, 2016
    Huawei
    Mate 8 Firmware
    risk 0.24cvss 3.7epss 0.00

    Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength information via vectors…

  • CVE-2016-4486LowMay 23, 2016
    Linux
    Kernel
    risk 0.24cvss 3.3epss 0.01

    The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.

  • CVE-2015-7886LowJan 18, 2016
    NetApp
    Data Ontap
    risk 0.24cvss 3.7epss 0.00

    NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors.

  • CVE-2015-6858LowJan 5, 2016
    Microfocus
    Insight Control Server Provisioning
    risk 0.24cvss 3.7epss 0.00

    HP Insight Control server provisioning before 7.5.0 RabbitMQ allows remote attackers to obtain sensitive information via unspecified vectors.

  • CVE-2015-4989LowJan 2, 2016
    IBM
    Tealeaf Customer Experience
    risk 0.24cvss 3.7epss 0.00

    The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary charts by specifying an…

  • CVE-2015-7421LowJan 1, 2016
    IBM
    Mq Appliance M2000
    risk 0.24cvss 3.7epss 0.00

    Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7420.

  • CVE-2015-7420LowJan 1, 2016
    IBM
    MQ M2000
    risk 0.24cvss 3.7epss 0.00

    Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2015-7421.

  • CVE-2014-4876LowDec 31, 2015
    Toshiba
    4690 Operating System
    risk 0.24cvss 3.7epss 0.01

    Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted request to TCP port 54138.

  • CVE-2015-8253LowDec 27, 2015
    RSI Video Technologies
    Frontel Protocol
    risk 0.24cvss 3.7epss 0.00

    The Frontel protocol before 3 on RSI Video Technologies Videofied devices sets up AES encryption but sends all traffic in cleartext, which allows remote attackers to obtain sensitive (1) message or (2) MJPEG video data by sniffing the network.

  • CVE-2026-7021LowApr 26, 2026
    SmythOS
    Sre
    risk 0.23cvss 3.5epss 0.00

    A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the argument baseURL causes information disclosure. It is possible to initiate the…

  • CVE-2026-4994LowMar 28, 2026
    Wandb
    Openui
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_exception_handler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the argument key results in information exposure through error…

  • CVE-2025-11203LowOct 29, 2025
    Berriai
    Litellm
    risk 0.23cvss 3.5epss 0.00

    LiteLLM Information health API_KEY Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LiteLLM. Authentication is required to exploit this vulnerability. The specific flaw exists within…

  • CVE-2025-11026LowSep 26, 2025
    Vvveb
    Vvveb
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been…

  • CVE-2025-26710LowSep 16, 2025
    Zte
    T5400
    risk 0.23cvss 3.5epss 0.00

    There is an an information disclosure vulnerability in ZTE T5400. Due to improper configuration of the access control mechanism, attackers can obtain information through interfaces without authorization, causing the risk of information disclosure.

  • CVE-2025-23073LowJan 14, 2025
    Wikimedia Foundation
    Mediawiki Extensions Globalblocking
    risk 0.23cvss 3.5epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Extension.

  • CVE-2021-32007LowDec 13, 2024
    Securecomputing
    Gatemanager
    risk 0.23cvss 3.5epss 0.00

    This issue affects: Secomea GateManager Version 9.5 and all prior versions. Protection Mechanism Failure vulnerability in web server of Secomea GateManager to potentially leak information to remote servers.

  • CVE-2017-1353LowDec 7, 2017
    IBM
    Atlas Ediscovery Process Management
    risk 0.23cvss 3.5epss 0.00

    IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680.

  • CVE-2017-2730LowNov 22, 2017
    Huawei
    Tech Support
    risk 0.23cvss 3.5epss 0.00

    HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, the attacker can collect…

  • CVE-2017-0895LowMay 8, 2017
    Nextcloud
    Server
    risk 0.23cvss 3.5epss 0.00

    Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.

  • CVE-2016-4027LowDec 15, 2016
    Open-Xchange
    Appsuite
    risk 0.23cvss 3.5epss 0.00

    An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared…