CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Description
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79
CVEs mapped to this weakness (7,319)
page 28 of 366| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-34991 | Hig | 0.49 | 7.5 | 0.00 | Jun 24, 2024 | In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date) / postal address / email / etc. without restriction due to a lack of permissions control. | ||
| CVE-2024-35341 | Hig | 0.49 | 7.5 | 0.00 | May 28, 2024 | Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords (encrypted with a hardcoded key common to all… | ||
| CVE-2024-34388 | Hig | 0.49 | 7.5 | 0.01 | May 6, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Scribit GDPR Compliance.This issue affects GDPR Compliance: from n/a through 1.2.5. | ||
| CVE-2024-25458 | Hig | 0.49 | 7.5 | 0.01 | May 1, 2024 | An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit board identifier A9-48B-V1.0) firmware v.CYCAM_48B_BC01_v87_0903 allows a remote attacker to obtain sensitive information via a crafted request to a UDP port. | ||
| CVE-2024-24313 | Hig | 0.49 | 7.5 | 0.01 | May 1, 2024 | An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/FormModel.php and QRModel.php component. | ||
| CVE-2024-33309 | Hig | 0.49 | 7.5 | 0.01 | Apr 30, 2024 | An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository. | ||
| CVE-2024-32816 | Hig | 0.49 | 7.5 | 0.01 | Apr 24, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78. | ||
| CVE-2024-32781 | Hig | 0.49 | 7.5 | 0.01 | Apr 24, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0. | ||
| CVE-2024-32726 | Hig | 0.49 | 7.5 | 0.01 | Apr 24, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in vinoth06. Frontend Dashboard.This issue affects Frontend Dashboard: from n/a through 2.2.2. | ||
| CVE-2024-32086 | Hig | 0.49 | 7.5 | 0.01 | Apr 16, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a through 5.18.1. | ||
| CVE-2023-50872 | Hig | 0.49 | 7.5 | 0.00 | Apr 16, 2024 | The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's… | ||
| CVE-2023-7046 | Hig | 0.49 | 7.5 | 0.00 | Apr 9, 2024 | The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for… | ||
| CVE-2024-2632 | Hig | 0.49 | 7.5 | 0.01 | Mar 19, 2024 | A Information Exposure Vulnerability has been found on Meta4 HR. This vulnerability allows an attacker to obtain a lot of information about the application such as the variables set in the process, the Tomcat versions, library versions and underlying operation system via HTTP… | ||
| CVE-2024-22154 | Hig | 0.49 | 7.5 | 0.01 | Jan 24, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15. | ||
| CVE-2023-6266 | Hig | 0.49 | 7.5 | 0.02 | Jan 11, 2024 | The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated… | ||
| CVE-2023-52190 | Hig | 0.49 | 7.5 | 0.01 | Jan 8, 2024 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon Referral Program.This issue affects Coupon Referral Program: from n/a through 1.7.2. | ||
| CVE-2023-48288 | Hig | 0.49 | 7.5 | 0.01 | Dec 21, 2023 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.1. | ||
| CVE-2023-48122 | Hig | 0.49 | 7.5 | 0.01 | Dec 8, 2023 | An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method. | ||
| CVE-2023-44150 | Hig | 0.49 | 7.5 | 0.01 | Nov 30, 2023 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce,… | ||
| CVE-2023-40211 | Hig | 0.49 | 7.5 | 0.02 | Nov 30, 2023 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50. |
- risk 0.49cvss 7.5epss 0.00
In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date) / postal address / email / etc. without restriction due to a lack of permissions control.
- risk 0.49cvss 7.5epss 0.00
Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords (encrypted with a hardcoded key common to all…
- risk 0.49cvss 7.5epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Scribit GDPR Compliance.This issue affects GDPR Compliance: from n/a through 1.2.5.
- risk 0.49cvss 7.5epss 0.01
An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit board identifier A9-48B-V1.0) firmware v.CYCAM_48B_BC01_v87_0903 allows a remote attacker to obtain sensitive information via a crafted request to a UDP port.
- risk 0.49cvss 7.5epss 0.01
An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/FormModel.php and QRModel.php component.
- risk 0.49cvss 7.5epss 0.01
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository.
- risk 0.49cvss 7.5epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid.This issue affects Post Grid: from n/a through 2.2.78.
- risk 0.49cvss 7.5epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.This issue affects Email Customizer for WooCommerce: from n/a through 2.6.0.
- risk 0.49cvss 7.5epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in vinoth06. Frontend Dashboard.This issue affects Frontend Dashboard: from n/a through 2.2.2.
- risk 0.49cvss 7.5epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a through 5.18.1.
- risk 0.49cvss 7.5epss 0.00
The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's…
- risk 0.49cvss 7.5epss 0.00
The WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to Force HTTPS, SSL Score plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0 via exposed Private key files. This makes it possible for…
- risk 0.49cvss 7.5epss 0.01
A Information Exposure Vulnerability has been found on Meta4 HR. This vulnerability allows an attacker to obtain a lot of information about the application such as the variables set in the process, the Tomcat versions, library versions and underlying operation system via HTTP…
- risk 0.49cvss 7.5epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing.This issue affects SalesKing: from n/a through 1.6.15.
- risk 0.49cvss 7.5epss 0.02
The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated…
- risk 0.49cvss 7.5epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon Referral Program.This issue affects Coupon Referral Program: from n/a through 1.7.2.
- risk 0.49cvss 7.5epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.1.
- risk 0.49cvss 7.5epss 0.01
An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.
- risk 0.49cvss 7.5epss 0.01
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce,…
- risk 0.49cvss 7.5epss 0.02
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks.This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50.