VYPR

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Class · Draft · Likelihood: High

Description

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79

CVEs mapped to this weakness (7,319)

page 38 of 366
  • CVE-2017-6280 · High · Mar 6, 2018
    risk 0.49 · cvss 7.5 · epss 0.00

    NVIDIA driver contains a possible out-of-bounds read vulnerability due to a leak which may lead to information disclosure. This issue is rated as moderate. Android: A-63851980.

  • CVE-2017-7633 · High · Mar 5, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive information contained in NAS devices. If exploited, this may allow attackers to further compromise the device.

  • CVE-2018-7668 · High · Mar 5, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    TestLink through 1.9.16 allows remote attackers to read arbitrary attachments via a modified ID field to /lib/attachments/attachmentdownload.php.

  • CVE-2017-11635 · High · Feb 26, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered on Wireless IP Camera 360 devices. Attackers can read recordings by navigating to /mnt/idea0 or /mnt/idea1 on the SD memory card.

  • CVE-2018-7276 · High · Feb 21, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device.

  • CVE-2017-18192 · High · Feb 20, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN.

  • CVE-2018-7210 · High · Feb 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idb/config?CMD=installLicense URI, as demonstrated by intranet IP addresses and names of guest accounts.

  • CVE-2018-7209 · High · Feb 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in iDashboards 9.6b. It allows remote attackers to obtain sensitive information via a direct request for the idashboards/config.xml URI, as demonstrated by intranet URLs for reports.

  • CVE-2017-8980 · High · Feb 15, 2018
    risk 0.49 · cvss 7.5 · epss 0.05

    A Remote Disclosure of Information vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.

  • CVE-2017-8952 · High · Feb 15, 2018
    risk 0.49 · cvss 7.5 · epss 0.05

    A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

  • CVE-2017-8944 · High · Feb 15, 2018
    risk 0.49 · cvss 7.5 · epss 0.06

    A Remote Disclosure of Information vulnerability in HPE Cloud Optimizer version v3.0x was found.

  • CVE-2017-5803 · High · Feb 15, 2018
    risk 0.49 · cvss 7.5 · epss 0.08

    A Remote Disclosure of Information vulnerability in HPE NonStop Servers using SSH Service version L series: T0801L02 through T0801L02^ABX; J and H series: T0801H01 through T0801H01^ACA was found.

  • CVE-2017-5801 · High · Feb 15, 2018
    risk 0.49 · cvss 7.5 · epss 0.07

    A Remote Unauthorized Access to Data vulnerability in HPE Business Process Monitor version v09.2x, v09.30 was found.

  • CVE-2017-5797 · High · Feb 15, 2018
    risk 0.49 · cvss 7.5 · epss 0.05

    A Remote Unauthenticated Disclosure of Information vulnerability in HPE Intelligent Management Center (IMC) SOM version v7.3 (E0501) was found.

  • CVE-2016-8525 · High · Feb 15, 2018
    risk 0.49 · cvss 7.5 · epss 0.09

    A Remote Disclosure of Information vulnerability in HPE iMC PLAT version v7.2 E0403P06 and earlier was found. The problem was resolved in iMC PLAT 7.3 E0504 or subsequent version.

  • CVE-2018-6293 · High · Feb 13, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Arbitrary File Read in Saperion Web Client version 7.5.2 83166.

  • CVE-2017-13246 · High · Feb 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An information disclosure vulnerability in the Upstream kernel network driver. Product: Android. Versions: Android kernel. ID: A-36279469.

  • CVE-2017-13243 · High · Feb 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991.

  • CVE-2017-13242 · High · Feb 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248.

  • CVE-2017-13241 · High · Feb 12, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    An information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651.