VYPR

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

ClassDraftLikelihood: High

Description

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79

CVEs mapped to this weakness (7,319)

page 27 of 366
  • CVE-2024-47922HigDec 30, 2024
    risk 0.49cvss 7.5epss 0.00

    Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

  • CVE-2024-56509HigDec 27, 2024
    risk 0.49cvss 8.6epss 0.01

    changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur…

  • CVE-2024-21549HigDec 20, 2024
    risk 0.49cvss 8.6epss 0.01

    Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a…

  • CVE-2024-51163HigNov 20, 2024
    risk 0.49cvss 7.5epss 0.01

    A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to…

  • CVE-2024-47915HigNov 14, 2024
    risk 0.49cvss 7.5epss 0.00

    VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

  • CVE-2024-6861HigNov 6, 2024
    risk 0.49cvss 7.5epss 0.01

    A disclosure of sensitive information flaw was found in foreman via the GraphQL API. If the introspection feature is enabled, it is possible for attackers to retrieve sensitive admin authentication keys which could result in a compromise of the entire product's API.

  • CVE-2024-48824HigOct 14, 2024
    risk 0.49cvss 7.5epss 0.00

    An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to obtain sensitive information via the Racine & FileName parameters in the download-file.php component.

  • CVE-2024-48789HigOct 14, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process.

  • CVE-2024-48799HigOct 14, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48798HigOct 14, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48797HigOct 14, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-48796HigOct 14, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information via the firmware update process.

  • CVE-2024-45624HigSep 12, 2024
    risk 0.49cvss 7.5epss 0.01

    Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.

  • CVE-2024-38747HigAug 13, 2024
    risk 0.49cvss 7.5epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway for WooCommerce: from n/a…

  • CVE-2024-41696HigJul 30, 2024
    risk 0.49cvss 7.5epss 0.00

    Priority PRI WEB Portal Add-On for Priority ERP on prem - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

  • CVE-2024-37115HigJul 10, 2024
    risk 0.49cvss 7.5epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8.

  • CVE-2024-37110HigJul 10, 2024
    risk 0.49cvss 7.5epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a before 3.26.7.

  • CVE-2023-52237HigJul 9, 2024
    risk 0.49cvss 7.5epss 0.00

    A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM…

  • CVE-2024-39182HigJul 5, 2024
    risk 0.49cvss 7.5epss 0.00

    An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access sensitive details of the root user's session via an arbitrary command (ISP6-1779).

  • CVE-2024-5753HigJul 5, 2024
    risk 0.49cvss 7.5epss 0.01

    vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as `pg_read_file()`. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like `/etc/passwd`, by…