Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-4955

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-13 Jun, 2017 | 06:00
Updated At-05 Aug, 2024 | 14:47
Rejected At-
Credits

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:13 Jun, 2017 | 06:00
Updated At:05 Aug, 2024 | 14:47
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.

Affected Products
Vendor
n/a
Product
PCF Elastic Runtime
Versions
Affected
  • PCF Elastic Runtime
Problem Types
TypeCWE IDDescription
textN/ACredentials in Elastic Runtime Notifications errand log
Type: text
CWE ID: N/A
Description: Credentials in Elastic Runtime Notifications errand log
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://pivotal.io/security/cve-2017-4955
x_refsource_CONFIRM
http://www.securityfocus.com/bid/97082
vdb-entry
x_refsource_BID
Hyperlink: https://pivotal.io/security/cve-2017-4955
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/97082
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://pivotal.io/security/cve-2017-4955
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/97082
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://pivotal.io/security/cve-2017-4955
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/97082
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:13 Jun, 2017 | 06:29
Updated At:20 Apr, 2025 | 01:37

An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic Runtime tile.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.0
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.0:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.1
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.1:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.2
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.2:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.3
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.3:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.4
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.4:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.5
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.5:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.6
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.6:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.7
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.7:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.8
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.8:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.9
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.9:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.10
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.10:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.11
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.11:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.12
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.12:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.13
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.13:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.14
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.14:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.15
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.15:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.16
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.16:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.17
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.17:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.18
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.18:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.19
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.19:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.20
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.20:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.21
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.21:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.22
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.22:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.23
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.23:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.24
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.24:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.25
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.25:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.26
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.26:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.27
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.27:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.28
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.28:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.29
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.29:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.30
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.30:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.31
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.31:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.32
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.32:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.33
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.33:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.34
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.34:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.35
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.35:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.36
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.36:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.37
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.37:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.38
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.38:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.39
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.39:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.40
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.40:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.41
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.41:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.42
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.42:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.43
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.43:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.44
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.44:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.45
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.45:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.46
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.46:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.47
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.47:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.48
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.48:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
pivotal_software
>>cloud_foundry_elastic_runtime>>1.6.49
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.6.49:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-532Primarynvd@nist.gov
CWE ID: CWE-532
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securityfocus.com/bid/97082security_alert@emc.com
Third Party Advisory
VDB Entry
https://pivotal.io/security/cve-2017-4955security_alert@emc.com
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/97082af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://pivotal.io/security/cve-2017-4955af854a3a-2127-422b-91ae-364da2661108
Mitigation
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/97082
Source: security_alert@emc.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://pivotal.io/security/cve-2017-4955
Source: security_alert@emc.com
Resource:
Mitigation
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/97082
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://pivotal.io/security/cve-2017-4955
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mitigation
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

157Records found

CVE-2012-1156
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.23% / 78.34%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:01
Updated-06 Aug, 2024 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moodle before 2.2.2 has users' private files included in course backups

Action-Not Available
Vendor-Moodle Pty LtdRed Hat, Inc.Fedora Project
Product-enterprise_linuxfedoramoodleMoodle
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2017-17675
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 54.99%
||
7 Day CHG~0.00%
Published-19 May, 2021 | 13:11
Updated-05 Aug, 2024 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data.

Action-Not Available
Vendor-bmcn/a
Product-remedy_mid-tiern/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-37861
Matching Score-4
Assigner-Mattermost, Inc.
ShareView Details
Matching Score-4
Assigner-Mattermost, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.34% / 55.64%
||
7 Day CHG~0.00%
Published-09 Dec, 2021 | 21:32
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user creation fails.

Action-Not Available
Vendor-Mattermost, Inc.
Product-mattermostMattermost
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2017-15572
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 67.99%
||
7 Day CHG~0.00%
Published-18 Oct, 2017 | 02:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.

Action-Not Available
Vendor-redminen/aDebian GNU/Linux
Product-debian_linuxredminen/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2017-1000171
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 54.98%
||
7 Day CHG~0.00%
Published-03 Nov, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.

Action-Not Available
Vendor-n/aMahara
Product-mahara_mobilen/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-20852
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.68%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 14:04
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server addresses or message content).

Action-Not Available
Vendor-n/aMattermost, Inc.
Product-mattermost_mobilen/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2020-14518
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.78%
||
7 Day CHG~0.00%
Published-21 Aug, 2020 | 12:10
Updated-04 Jun, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Philips DreamMapper Insertion of Sensitive Information into Log File

Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.

Action-Not Available
Vendor-Philips
Product-dreammapperDreamMapper
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-34800
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.68%
||
7 Day CHG~0.00%
Published-29 Nov, 2021 | 19:16
Updated-16 Sep, 2024 | 19:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive information could be logged

Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147

Action-Not Available
Vendor-Acronis (Acronis International GmbH)
Product-agentAcronis Agent
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-34797
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.73%
||
7 Day CHG~0.00%
Published-04 Jan, 2022 | 08:55
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Geode project log file redaction of sensitive information vulnerability

Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log file redaction of sensitive information flaw when using values that begin with characters other than letters or numbers for passwords and security properties with the prefix "sysprop-", "javax.net.ssl", or "security-". This issue is fixed by overhauling the log file redaction in Apache Geode versions 1.12.5, 1.13.5, and 1.14.0.

Action-Not Available
Vendor-The Apache Software Foundation
Product-geodeApache Geode
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-17398
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.30%
||
7 Day CHG~0.00%
Published-15 Oct, 2019 | 20:38
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Dark Horse Comics application 1.3.21 for Android, token information (equivalent to the username and password) is stored in the log during authentication, and may be available to attackers via logcat.

Action-Not Available
Vendor-darkhorsen/a
Product-dark_horse_comicsn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-18385
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.44%
||
7 Day CHG~0.00%
Published-23 Oct, 2019 | 20:59
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.

Action-Not Available
Vendor-terra-mastern/a
Product-fs-210fs-210_firmwaren/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2016-8346
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.73%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION).

Action-Not Available
Vendor-n/aMoxa Inc.
Product-edr-810_firmwareedr-810edr-810-vpnMoxa EDR-810 Industrial Secure Router
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-9734
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.10%
||
7 Day CHG~0.00%
Published-24 Apr, 2019 | 14:04
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aquarius CMS through 4.3.5 writes POST and GET parameters (including passwords) to a log file due to an overwriting of configuration parameters under certain circumstances.

Action-Not Available
Vendor-aquaverden/a
Product-aquarius_cmsn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-16203
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.68%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 15:16
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the credentials of the remote ESRS server when these credentials are given as a command line option when configuring the ESRS client.

Action-Not Available
Vendor-Brocade Communications Systems, Inc. (Broadcom Inc.)Broadcom Inc.
Product-fabric_operating_systemBrocade Fabric OS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-16528
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.54%
||
7 Day CHG~0.00%
Published-20 Mar, 2020 | 20:37
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the AbuseFilter extension for MediaWiki. includes/special/SpecialAbuseLog.php allows attackers to obtain sensitive information, such as deleted/suppressed usernames and summaries, from AbuseLog revision data. This affects REL1_32 and REL1_33.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-abusefiltern/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2016-8233
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 59.80%
||
7 Day CHG~0.00%
Published-01 Mar, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.

Action-Not Available
Vendor-Lenovo Group Limited
Product-xclarity_administratorXClarity Administrator
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-9724
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.53%
||
7 Day CHG~0.00%
Published-24 Apr, 2019 | 13:56
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

aquaverde Aquarius CMS through 4.3.5 allows Information Exposure through Log Files because of an error in the Log-File writer component.

Action-Not Available
Vendor-aquaverden/a
Product-aquarius_cmsn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2016-9344
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.37%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-miineport_e1_firmwaremiineport_e1miineport_e2miineport_e2_firmwaremiineport_e3miineport_e3_firmwareMoxa MiiNePort
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2018-11716
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.48% / 92.51%
||
7 Day CHG~0.00%
Published-16 Jul, 2018 | 14:00
Updated-05 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords, patching level, etc.) via a GET request on port 8022, 8443, or 8444.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_desktop_centraln/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-7612
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 63.92%
||
7 Day CHG~0.00%
Published-25 Mar, 2019 | 18:34
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.

Action-Not Available
Vendor-NetApp, Inc.Elasticsearch BV
Product-logstashactive_iq_performance_analytics_servicesLogstash
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-6656
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-7.5||HIGH
EPSS-0.54% / 66.52%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 19:03
Updated-04 Aug, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_access_policy_managerbig-ip_access_policy_manager_clientBIG-IP APM Edge Client
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2018-11717
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.61% / 92.57%
||
7 Day CHG~0.00%
Published-16 Jul, 2018 | 14:00
Updated-05 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and mail settings of the EAS account (an AD account used to send mail), the cleartext password of recovery_password of Android devices, the cleartext password of account "set", the location of devices enrolled in the platform (with UUID and information related to the name of the person at the location), critical information about all enrolled devices such as Serial Number, UUID, Model, Name, and auth_session_token (usable to spoof a terminal identity on the platform), etc.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_desktop_centraln/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-4008
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9||CRITICAL
EPSS-0.49% / 64.37%
||
7 Day CHG~0.00%
Published-07 Feb, 2019 | 16:00
Updated-17 Sep, 2024 | 03:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626.

Action-Not Available
Vendor-IBM Corporation
Product-api_connectAPI Connect
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-3429
Matching Score-4
Assigner-ZTE Corporation
ShareView Details
Matching Score-4
Assigner-ZTE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 46.70%
||
7 Day CHG~0.00%
Published-23 Dec, 2019 | 18:09
Updated-04 Aug, 2024 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information.

Action-Not Available
Vendor-ZTE Corporation
Product-zxcloud_goldendata_vapZXCLOUD GoldenData VAP
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-17395
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.30%
||
7 Day CHG~0.00%
Published-15 Oct, 2019 | 21:07
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

Action-Not Available
Vendor-rapidgatorn/a
Product-rapidgatorn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-17397
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.30%
||
7 Day CHG~0.00%
Published-15 Oct, 2019 | 14:42
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the DoorDash application through 11.5.2 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

Action-Not Available
Vendor-doordashn/a
Product-doordashn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-17394
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.30%
||
7 Day CHG~0.00%
Published-15 Oct, 2019 | 20:59
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

Action-Not Available
Vendor-seesawn/a
Product-parent_and_familyn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-17396
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.30%
||
7 Day CHG~0.00%
Published-15 Oct, 2019 | 20:52
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the PowerSchool Mobile application 1.1.8 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

Action-Not Available
Vendor-powerschooln/a
Product-powerschool_mobilen/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-17355
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.30%
||
7 Day CHG~0.00%
Published-15 Oct, 2019 | 20:46
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In the Orbitz application 19.31.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.

Action-Not Available
Vendor-orbitzn/a
Product-orbitzn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-16204
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.62%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 15:16
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1d could expose external passwords, common secrets or authentication keys used between the switch and an external server.

Action-Not Available
Vendor-Brocade Communications Systems, Inc. (Broadcom Inc.)Broadcom Inc.
Product-fabric_operating_systemBrocade Fabric OS
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-1622
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-86.00% / 99.35%
||
7 Day CHG~0.00%
Published-27 Jun, 2019 | 03:05
Updated-19 Nov, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-15294
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.46%
||
7 Day CHG~0.00%
Published-28 Aug, 2019 | 11:06
Updated-05 Aug, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Gallagher Command Centre 8.10 before 8.10.1092(MR2). Upon an upgrade, if a custom service account is in use and the visitor management service is installed, the Windows username and password for this service are logged in cleartext to the Command_centre.log file.

Action-Not Available
Vendor-n/aGallagher Group Ltd.
Product-command_centren/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-3888
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.57% / 67.59%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:45
Updated-04 Aug, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)

Action-Not Available
Vendor-Red Hat, Inc.NetApp, Inc.
Product-jboss_data_gridopenshift_application_runtimesvirtualizationenterprise_linuxvirtualization_hostactive_iq_unified_managerundertowundertow
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2016-6799
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.34%
||
7 Day CHG~0.00%
Published-09 May, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a maximum of four 16 KB rotated logs are kept in addition to the current log. The logged data can be read using Logcat on the device. When using platforms prior to Android 4.1 (Jelly Bean), the log data is not sandboxed per application; any application installed on the device has the capability to read data logged by other applications.

Action-Not Available
Vendor-The Apache Software Foundation
Product-cordovaApache Cordova Android
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-35299
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.68%
||
7 Day CHG~0.00%
Published-28 Jun, 2021 | 19:06
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing.

Action-Not Available
Vendor-zammadn/a
Product-zammadn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2017-7434
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-3.3||LOW
EPSS-0.17% / 38.28%
||
7 Day CHG~0.00%
Published-02 Mar, 2018 | 20:00
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NetIQ Identity Manager JDBC driver could leak passwords in exception traces

In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles.

Action-Not Available
Vendor-netiqNetIQ
Product-identity_managerIdentity Manager
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2016-10526
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-8.6||HIGH
EPSS-0.32% / 54.10%
||
7 Day CHG~0.00%
Published-31 May, 2018 | 20:00
Updated-16 Sep, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth part of the url. In module versions < 0.9.1 the auth portion of the url is outputted as part of the grunt tasks logging function. If this output is publicly available then the credentials should be considered compromised.

Action-Not Available
Vendor-grunt-gh-pages_projectHackerOne
Product-grunt-gh-pagesgrunt-gh-pages node module
CWE ID-CWE-391
Unchecked Error Condition
CWE ID-CWE-255
Not Available
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2016-0875
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.10%
||
7 Day CHG~0.00%
Published-31 May, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-edr-g903_firmwareedr-g903n/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2016-0898
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-10||CRITICAL
EPSS-0.31% / 53.59%
||
7 Day CHG~0.00%
Published-29 Mar, 2018 | 22:00
Updated-05 Aug, 2024 | 22:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-pivotal_software_mysqln/a
CWE ID-CWE-255
Not Available
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2018-7433
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.93%
||
7 Day CHG~0.00%
Published-02 Mar, 2018 | 20:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page.

Action-Not Available
Vendor-n/aSolidWP (iThemes)
Product-securityn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-11465
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 57.64%
||
7 Day CHG~0.00%
Published-10 Sep, 2019 | 16:55
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. The Memcached "connections" stat block command emits a non-redacted username. The system information submitted to Couchbase as part of a bug report included the usernames for all users currently logged into the system even if the log was redacted for privacy. This has been fixed (in 5.5.4 and 6.0.1) so that usernames are tagged properly in the logs and are hashed out when the logs are redacted.

Action-Not Available
Vendor-n/aCouchbase, Inc.
Product-couchbase_servern/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2015-8977
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.22% / 78.22%
||
7 Day CHG~0.00%
Published-31 Jan, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.

Action-Not Available
Vendor-n/aMyBB
Product-merge_systemmybbn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-32074
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.42%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 04:01
Updated-03 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered with GitHub Actions for log masking.

Action-Not Available
Vendor-n/aHashiCorp, Inc.
Product-vault-actionn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-25009
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 49.36%
||
7 Day CHG~0.00%
Published-07 Mar, 2022 | 08:16
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CorreosExpress <= 2.6.0 - Sensitive Information Disclosure

The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses

Action-Not Available
Vendor-correosexpress_projectUnknown
Product-correosexpressCorreosExpress – Shipping Management – Tags
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-11492
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.68%
||
7 Day CHG~0.00%
Published-26 Apr, 2019 | 20:02
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ProjectSend before r1070 writes user passwords to the server logs.

Action-Not Available
Vendor-projectsendn/a
Product-projectsendn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-0741
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-3.32% / 86.76%
||
7 Day CHG~0.00%
Published-06 Mar, 2019 | 00:00
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information, aka 'Azure IoT Java SDK Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-java_software_development_kitJava SDK for Azure IoT
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-0202
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.64% / 69.66%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 23:17
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.

Action-Not Available
Vendor-The Apache Software Foundation
Product-stormStorm
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2018-8719
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-7.24% / 91.26%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 19:00
Updated-05 Aug, 2024 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. For example, these files are indexed by Google and allows for attackers to possibly find sensitive information.

Action-Not Available
Vendor-wpsecurityauditlogn/a
Product-wp_security_audit_logn/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2018-7204
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.78% / 72.83%
||
7 Day CHG~0.00%
Published-07 Mar, 2018 | 20:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and a simple dork will find affected sites.

Action-Not Available
Vendor-giribazn/a
Product-file_managern/a
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2018-7683
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.10%
||
7 Day CHG~0.00%
Published-21 Jun, 2018 | 19:00
Updated-17 Sep, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.

Action-Not Available
Vendor-Micro Focus International Limited
Product-solutions_business_managerSolutions Business Manager 11.4
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found