VYPR

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

ClassDraftLikelihood: High

Description

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79

CVEs mapped to this weakness (7,319)

page 44 of 366
  • CVE-2017-13143HigAug 23, 2017
    risk 0.49cvss 7.5epss 0.03

    In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.

  • CVE-2017-8037HigAug 21, 2017
    risk 0.49cvss 7.5epss 0.01

    In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to fix this CVE. A…

  • CVE-2017-9680HigAug 18, 2017
    risk 0.49cvss 7.5epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, if a pointer argument coming from userspace is invalid, a driver may use an uninitialized structure to log an error message.

  • CVE-2017-9679HigAug 18, 2017
    risk 0.49cvss 7.5epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, if a userspace string is not NULL-terminated, kernel memory contents can leak to system logs.

  • CVE-2017-6771HigAug 17, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this…

  • CVE-2015-3614HigAug 11, 2017
    risk 0.49cvss 7.5epss 0.02

    Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability.

  • CVE-2017-3110HigAug 11, 2017
    risk 0.49cvss 7.5epss 0.05

    Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability.

  • CVE-2017-3107HigAug 11, 2017
    risk 0.49cvss 7.5epss 0.07

    Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability.

  • CVE-2017-3130HigAug 10, 2017
    risk 0.49cvss 7.5epss 0.01

    An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4.4 and below versions allows attacker to get FortiOS version info by inspecting FortiOS IKE VendorID packets.

  • CVE-2015-3277HigAug 9, 2017
    risk 0.49cvss 7.5epss 0.03

    The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring.

  • CVE-2015-0785HigAug 9, 2017
    risk 0.49cvss 7.5epss 0.07

    com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ZENworks Configuration Management (ZCM) allows remote attackers to read arbitrary folders via the dirname variable.

  • CVE-2015-0784HigAug 9, 2017
    risk 0.49cvss 7.5epss 0.07

    Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to obtain Session IDs of logged in users via a value of ShowLogins for the maintenance variable.

  • CVE-2017-8516HigAug 8, 2017
    risk 0.49cvss 7.5epss 0.08

    Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information…

  • CVE-2016-6220HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.05

    Information Disclosure vulnerability in the Dashboard and Error Pages in Trend Micro Control Manager SP3 6.0.

  • CVE-2014-3462HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.03

    The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

  • CVE-2017-6752HigAug 7, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) 9.3(3) and 9.6(2) could allow an unauthenticated, remote attacker to determine valid usernames. The attacker could use this information to conduct additional reconnaissance attacks. The…

  • CVE-2017-9862HigAug 5, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to…

  • CVE-2017-9858HigAug 5, 2017
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks (such as a brute force attack) as one now knows exactly which users…

  • CVE-2017-9492HigJul 31, 2017
    risk 0.49cvss 7.5epss 0.02

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware…

  • CVE-2017-9486HigJul 31, 2017
    risk 0.49cvss 7.5epss 0.02

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to compute password-of-the-day values via unspecified vectors.