CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Class · Draft · Likelihood: High

Description

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Related attack patterns (CAPEC)

CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79

CVEs mapped to this weakness (7,319)

  • CVE-2017-16057 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    `nodemssql` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16056 · High · Jun 7, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    `mssql.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16055 · High · Jun 4, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16054 · High · Jun 4, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    `nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16053 · High · Jun 4, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    `fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16052 · High · Jun 4, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    `node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16051 · High · Jun 4, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16050 · High · Jun 4, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16049 · High · Jun 4, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16048 · High · Jun 4, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    `node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16045 · High · Jun 4, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    `jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16044 · High · Jun 4, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2016-10519 · High · May 31, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory.

  • CVE-2017-16062 · High · May 29, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    `node-tkinter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16061 · High · May 29, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    `tkinter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2017-16047 · High · May 29, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    `mysqljs` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

  • CVE-2018-10652 · High · May 23, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.

  • CVE-2018-4925 · High · May 19, 2018
    risk 0.49 · cvss 7.5 · epss 0.04

    Adobe Digital Editions versions 4.5.7 and below have an exploitable Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-5256 · High · May 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server.…

  • CVE-2018-1438 · High · May 17, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on…