CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Description
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79
CVEs mapped to this weakness (7,319)
Page 38 of 366

| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6280 | | High | 0.49 | 7.5 | 0.00 | | Mar 6, 2018 | NVIDIA driver contains a possible out-of-bounds read vulnerability due to a leak which may lead to information disclosure. This issue is rated as moderate. Android: A-63851980. |
| CVE-2017-7633 | | High | 0.49 | 7.5 | 0.01 | | Mar 5, 2018 | QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive information contained in NAS devices. If exploited, this may allow attackers to further compromise the device. |
| CVE-2018-7668 | | High | 0.49 | 7.5 | 0.02 | | Mar 5, 2018 | TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php. |
| CVE-2017-11635 | | High | 0.49 | 7.5 | 0.01 | | Feb 26, 2018 | An issue was discovered on Wireless IP Camera 360 devices. Attackers can read recordings by navigating to /mnt/idea0 or /mnt/idea1 on the SD memory card. |
| CVE-2018-7276 | | High | 0.49 | 7.5 | 0.01 | | Feb 21, 2018 | An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device. |
| CVE-2017-18192 | | High | 0.49 | 7.5 | 0.01 | | Feb 20, 2018 | smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN. |
| CVE-2018-7210 | | High | 0.49 | 7.5 | 0.01 | | Feb 18, 2018 | An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idb/config?CMD=installLicense URI, as demonstrated by intranet IP addresses and names of guest accounts. |
| CVE-2018-7209 | | High | 0.49 | 7.5 | 0.01 | | Feb 18, 2018 | An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idashboards/config.xml URI, as demonstrated by intranet URLs for reports. |
| CVE-2017-8980 | — | High | 0.49 | 7.5 | 0.05 | | Feb 15, 2018 | A Remote Disclosure of Information vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found. |
| CVE-2017-8952 | — | High | 0.49 | 7.5 | 0.05 | | Feb 15, 2018 | A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found. |
| CVE-2017-8944 | — | High | 0.49 | 7.5 | 0.06 | | Feb 15, 2018 | A Remote Disclosure of Information vulnerability in HPE Cloud Optimizer version v3.0x was found. |
| CVE-2017-5803 | | High | 0.49 | 7.5 | 0.08 | | Feb 15, 2018 | A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found. |
| CVE-2017-5801 | | High | 0.49 | 7.5 | 0.07 | | Feb 15, 2018 | A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found. |
| CVE-2017-5797 | | High | 0.49 | 7.5 | 0.05 | | Feb 15, 2018 | A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found. |
| CVE-2016-8525 | | High | 0.49 | 7.5 | 0.09 | | Feb 15, 2018 | A Remote Disclosure of Information vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version. |
| CVE-2018-6293 | | High | 0.49 | 7.5 | 0.01 | | Feb 13, 2018 | Arbitrary File Read in Saperion Web Client version 7.5.2 83166. |
| CVE-2017-13246 | | High | 0.49 | 7.5 | 0.01 | | Feb 12, 2018 | An information disclosure vulnerability in the Upstream kernel network driver. Product: Android. Versions: Android kernel. ID: A-36279469. |
| CVE-2017-13243 | | High | 0.49 | 7.5 | 0.01 | | Feb 12, 2018 | An information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991. |
| CVE-2017-13242 | | High | 0.49 | 7.5 | 0.01 | | Feb 12, 2018 | An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248. |
| CVE-2017-13241 | | High | 0.49 | 7.5 | 0.01 | | Feb 12, 2018 | An information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651. |