CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

ClassDraftLikelihood: High

Description

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Hierarchy (View 1000)

Parents

CWE-668

Children

Related attack patterns (CAPEC)

CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79

CVEs mapped to this weakness (5,455)

page 49 of 273

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-4922	Med	0.42	6.5	0.00	Aug 1, 2017	VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted.
CVE-2017-9477	Med	0.42	6.5	0.00	Jul 31, 2017	The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover the CM MAC address by connecting to the device's xfinitywifi hotspot.
CVE-2015-5187	Med	0.42	6.5	0.00	Jul 25, 2017	Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic.
CVE-2017-9554	Med	0.42	5.3	0.58	Jul 24, 2017	An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.
CVE-2017-11327	Med	0.42	6.5	0.00	Jul 24, 2017	An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload.
CVE-2017-1374	Med	0.42	6.5	0.00	Jul 21, 2017	Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867.
CVE-2017-11448	Med	0.42	6.5	0.01	Jul 19, 2017	The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
CVE-2017-7947	Med	0.42	6.5	0.00	Jul 17, 2017	NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line.
CVE-2017-2642	Med	0.42	6.5	0.00	Jul 17, 2017	Moodle 3.x has user fullname disclosure on the user preferences page.
CVE-2017-8442	Med	0.42	6.5	0.00	Jul 7, 2017	Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details.
CVE-2017-4999	Med	0.42	6.5	0.00	Jul 7, 2017	EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages.
CVE-2017-10911	Med	0.42	6.5	0.00	Jul 5, 2017	The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
CVE-2017-8443	Med	0.42	6.5	0.00	Jun 30, 2017	In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs.
CVE-2017-1193	Med	0.42	6.5	0.00	Jun 23, 2017	IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667.
CVE-2017-1131	Med	0.42	6.5	0.00	Jun 23, 2017	IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375.
CVE-2016-9982	Med	0.42	6.5	0.00	Jun 22, 2017	IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274.
CVE-2016-10362	Med	0.42	6.5	0.00	Jun 16, 2017	Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.
CVE-2016-1000221	Hig	0.42	7.5	0.01	Jun 16, 2017	Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
CVE-2017-6697	Med	0.42	6.5	0.00	Jun 13, 2017	A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. More Information: CSCvd76339. Known Affected Releases: 2.2(9.76).
CVE-2017-6691	Med	0.42	6.5	0.00	Jun 13, 2017	A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2).

CVE-2017-4922MedAug 1, 2017
risk 0.42cvss 6.5epss 0.00
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure issue due to the service startup script using world writable directories as temporary storage for critical information. Successful exploitation of this issue may allow unprivileged host users to access certain critical information when the service gets restarted.
CVE-2017-9477MedJul 31, 2017
risk 0.42cvss 6.5epss 0.00
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover the CM MAC address by connecting to the device's xfinitywifi hotspot.
CVE-2015-5187MedJul 25, 2017
risk 0.42cvss 6.5epss 0.00
Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic.
CVE-2017-9554MedJul 24, 2017
risk 0.42cvss 5.3epss 0.58
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.
CVE-2017-11327MedJul 24, 2017
risk 0.42cvss 6.5epss 0.00
An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload.
CVE-2017-1374MedJul 21, 2017
risk 0.42cvss 6.5epss 0.00
Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867.
CVE-2017-11448MedJul 19, 2017
risk 0.42cvss 6.5epss 0.01
The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.
CVE-2017-7947MedJul 17, 2017
risk 0.42cvss 6.5epss 0.00
NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line.
CVE-2017-2642MedJul 17, 2017
risk 0.42cvss 6.5epss 0.00
Moodle 3.x has user fullname disclosure on the user preferences page.
CVE-2017-8442MedJul 7, 2017
risk 0.42cvss 6.5epss 0.00
Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details.
CVE-2017-4999MedJul 7, 2017
risk 0.42cvss 6.5epss 0.00
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privileged attacker may potentially exploit this vulnerability to elevate their privileges and view other users' discussion forum messages.
CVE-2017-10911MedJul 5, 2017
risk 0.42cvss 6.5epss 0.00
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
CVE-2017-8443MedJun 30, 2017
risk 0.42cvss 6.5epss 0.00
In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in the URL bar. The credentials could then be viewed by untrusted parties or logged into the Kibana access logs.
CVE-2017-1193MedJun 23, 2017
risk 0.42cvss 6.5epss 0.00
IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667.
CVE-2017-1131MedJun 23, 2017
risk 0.42cvss 6.5epss 0.00
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375.
CVE-2016-9982MedJun 22, 2017
risk 0.42cvss 6.5epss 0.00
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274.
CVE-2016-10362MedJun 16, 2017
risk 0.42cvss 6.5epss 0.00
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.
CVE-2016-1000221HigJun 16, 2017
risk 0.42cvss 7.5epss 0.01
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
CVE-2017-6697MedJun 13, 2017
risk 0.42cvss 6.5epss 0.00
A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. More Information: CSCvd76339. Known Affected Releases: 2.2(9.76).
CVE-2017-6691MedJun 13, 2017
risk 0.42cvss 6.5epss 0.00
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2).