CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Description
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Related attack patterns (CAPEC)
CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79
CVEs mapped to this weakness (5,471)
Page 179 of 274

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6706 | — | | 0.00 | — | 0.02 | | Oct 14, 2015 | Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5583, CVE-2015-6705, and CVE-2015-7624. |
| CVE-2015-6705 | — | | 0.00 | — | 0.02 | | Oct 14, 2015 | Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5583, CVE-2015-6706, and CVE-2015-7624. |
| CVE-2015-5583 | | | 0.00 | — | 0.03 | | Oct 14, 2015 | Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to bypass intended sandbox restrictions and obtain sensitive PDF information by launching a print job on a remote printer, a different vulnerability than CVE-2015-6705, CVE-2015-6706, and CVE-2015-7624. |
| CVE-2015-7368 | | | 0.00 | — | 0.00 | | Oct 14, 2015 | Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache. |
| CVE-2015-6328 | | | 0.00 | — | 0.00 | | Oct 13, 2015 | The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) allows remote authenticated users to bypass intended access restrictions and read arbitrary files via a crafted URL, aka Bug ID CSCus88380. |
| CVE-2015-5443 | | | 0.00 | — | 0.00 | | Oct 12, 2015 | HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors. |
| CVE-2015-4547 | | | 0.00 | — | 0.01 | | Oct 12, 2015 | EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file, which allows remote authenticated users to obtain sensitive information by reading this file. |
| CVE-2015-4929 | | | 0.00 | — | 0.00 | | Oct 11, 2015 | IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via a REST API request. |
| CVE-2015-7761 | | | 0.00 | — | 0.00 | | Oct 9, 2015 | Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760. |
| CVE-2015-5923 | | | 0.00 | — | 0.00 | | Oct 9, 2015 | Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors. |
| CVE-2015-5901 | | | 0.00 | — | 0.00 | | Oct 9, 2015 | The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. |
| CVE-2015-5893 | | | 0.00 | — | 0.00 | | Oct 9, 2015 | SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. |
| CVE-2015-5884 | | | 0.00 | — | 0.00 | | Oct 9, 2015 | The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment. |
| CVE-2015-5878 | | | 0.00 | — | 0.00 | | Oct 9, 2015 | Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors. |
| CVE-2015-5870 | | | 0.00 | — | 0.00 | | Oct 9, 2015 | The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors. |
| CVE-2015-5865 | | | 0.00 | — | 0.00 | | Oct 9, 2015 | IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. |
| CVE-2015-5864 | | | 0.00 | — | 0.00 | | Oct 9, 2015 | IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. |
| CVE-2015-5854 | | | 0.00 | — | 0.00 | | Oct 9, 2015 | The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors. |
| CVE-2015-5853 | — | | 0.00 | — | 0.00 | | Oct 9, 2015 | AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors. |
| CVE-2015-5836 | | | 0.00 | — | 0.00 | | Oct 9, 2015 | Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. |