CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

ClassDraftLikelihood: High

Description

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Hierarchy (View 1000)

Parents

CWE-668

Children

Related attack patterns (CAPEC)

CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79

CVEs mapped to this weakness (5,467)

page 193 of 274

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2015-0902	Semperfiwebdesign All In One Seo Pack	—	0.02	Apr 3, 2015	The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code.
CVE-2015-0683	—	—	0.00	Apr 3, 2015	Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744.
CVE-2014-5405	Hospira Mednet	—	0.00	Apr 3, 2015	Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
CVE-2014-5400	Hospira Mednet	—	0.00	Apr 3, 2015	The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.
CVE-2015-2817	SAP Netweaver	—	0.00	Apr 1, 2015	The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.
CVE-2015-0800	—	—	0.00	Apr 1, 2015	The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808.
CVE-2015-2809	Synology Diskstation Manager	—	0.02	Apr 1, 2015	The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component.
CVE-2015-1892	IBM Security Access Manager For Web 7.0 Firmware	—	0.02	Apr 1, 2015	The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.
CVE-2015-2108	Microfocus Operations Orchestration	—	0.00	Mar 31, 2015	Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors.
CVE-2015-0999	Aveva Aveva Edge	—	0.00	Mar 29, 2015	Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.
CVE-2015-0998	Aveva Aveva Edge	—	0.00	Mar 29, 2015	Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2015-0997	Aveva Aveva Edge	—	0.01	Mar 29, 2015	Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack.
CVE-2015-0996	Aveva Aveva Edge	—	0.00	Mar 29, 2015	Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.
CVE-2014-5427	Johnsoncontrols Metsys	—	0.01	Mar 29, 2015	Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request.
CVE-2015-0680	Cisco Systems, Inc. Unified Callmanager	—	0.00	Mar 28, 2015	Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.
CVE-2015-2771	Websense Triton Ap Email	—	0.00	Mar 27, 2015	The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2015-2762	Websense Triton Ap Web	—	0.00	Mar 27, 2015	Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication.
CVE-2015-2157	Debian Debian Linux	—	0.00	Mar 27, 2015	The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.
CVE-2014-9712	Websense V Series Appliances	—	0.00	Mar 27, 2015	Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to read arbitrary files and obtain passwords via a crafted path.
CVE-2015-2748	Websense Triton Ap Data	—	0.00	Mar 26, 2015	Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file.

CVE-2015-0902Apr 3, 2015
Semperfiwebdesign
All In One Seo Pack
risk 0.00cvss —epss 0.02
The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code.
CVE-2015-0683Apr 3, 2015
risk 0.00cvss —epss 0.00
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744.
CVE-2014-5405Apr 3, 2015
Hospira
Mednet
risk 0.00cvss —epss 0.00
Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
CVE-2014-5400Apr 3, 2015
Hospira
Mednet
risk 0.00cvss —epss 0.00
The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.
CVE-2015-2817Apr 1, 2015
SAP
Netweaver
risk 0.00cvss —epss 0.00
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.
CVE-2015-0800Apr 1, 2015
risk 0.00cvss —epss 0.00
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808.
CVE-2015-2809Apr 1, 2015
Synology
Diskstation Manager
risk 0.00cvss —epss 0.02
The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component.
CVE-2015-1892Apr 1, 2015
IBM
Security Access Manager For Web 7.0 Firmware
risk 0.00cvss —epss 0.02
The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.
CVE-2015-2108Mar 31, 2015
Microfocus
Operations Orchestration
risk 0.00cvss —epss 0.00
Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors.
CVE-2015-0999Mar 29, 2015
Aveva
Aveva Edge
risk 0.00cvss —epss 0.00
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.
CVE-2015-0998Mar 29, 2015
Aveva
Aveva Edge
risk 0.00cvss —epss 0.00
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2015-0997Mar 29, 2015
Aveva
Aveva Edge
risk 0.00cvss —epss 0.01
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote attackers to obtain access via a brute-force password-guessing attack.
CVE-2015-0996Mar 29, 2015
Aveva
Aveva Edge
risk 0.00cvss —epss 0.00
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password.
CVE-2014-5427Mar 29, 2015
Johnsoncontrols
Metsys
risk 0.00cvss —epss 0.01
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request.
CVE-2015-0680Mar 28, 2015
Cisco Systems, Inc.
Unified Callmanager
risk 0.00cvss —epss 0.00
Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439.
CVE-2015-2771Mar 27, 2015
Websense
Triton Ap Email
risk 0.00cvss —epss 0.00
The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2015-2762Mar 27, 2015
Websense
Triton Ap Web
risk 0.00cvss —epss 0.00
Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication.
CVE-2015-2157Mar 27, 2015
Debian
Debian Linux
risk 0.00cvss —epss 0.00
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.
CVE-2014-9712Mar 27, 2015
Websense
V Series Appliances
risk 0.00cvss —epss 0.00
Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to read arbitrary files and obtain passwords via a crafted path.
CVE-2015-2748Mar 26, 2015
Websense
Triton Ap Data
risk 0.00cvss —epss 0.00
Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file.