Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1727 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-09-16 | N/A |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869. | ||||
| CVE-2020-4477 | 1 Ibm | 1 Spectrum Protect Plus | 2024-09-16 | 6.5 Medium |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779. | ||||
| CVE-2020-8564 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-09-16 | 4.7 Medium |
| In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13. | ||||
| CVE-2020-8563 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-09-16 | 4.7 Medium |
| In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3. | ||||
| CVE-2022-27893 | 1 Osisoft-pi-web-connector Project | 1 Osisoft-pi-web-connector | 2024-09-16 | 4.2 Medium |
| The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0. | ||||
| CVE-2017-1198 | 1 Ibm | 1 Bigfix Compliance | 2024-09-16 | N/A |
| IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673. | ||||
| CVE-2020-4405 | 1 Ibm | 1 Verify Gateway | 2024-09-16 | 4.3 Medium |
| IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484. | ||||
| CVE-2020-3930 | 1 Geovision | 2 Gv-gf192x, Gv-gf192x Firmware | 2024-09-16 | 4 Medium |
| GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs. | ||||
| CVE-2022-20630 | 1 Cisco | 1 Dna Center | 2024-09-16 | 4.4 Medium |
| A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials. | ||||
| CVE-2019-6158 | 1 Lenovo | 1 Xclarity Administrator | 2024-09-16 | N/A |
| An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered HTTP proxy credentials being written to a log file in clear text. This only affects LXCA when HTTP proxy credentials have been configured. This affects LXCA versions 2.0.0 to 2.3.x. | ||||
| CVE-2019-1953 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2024-09-16 | 6.5 Medium |
| A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to view a password in clear text. The vulnerability is due to incorrectly logging the admin password when a user is forced to modify the default password when logging in to the web portal for the first time. Subsequent password changes are not logged and other accounts are not affected. An attacker could exploit this vulnerability by viewing the admin clear text password and using it to access the affected system. The attacker would need a valid user account to exploit this vulnerability. | ||||
| CVE-2021-29759 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2024-09-16 | 2.3 Low |
| IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212. | ||||
| CVE-2019-4706 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2024-09-16 | 2.7 Low |
| IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016. | ||||
| CVE-2021-3034 | 1 Paloaltonetworks | 1 Cortex Xsoar | 2024-09-16 | 5.1 Medium |
| An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the private key and identity provider certificate used to configure the SAML SSO integration. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 98622; Cortex XSOAR 6.0.1 builds earlier than 830029; Cortex XSOAR 6.0.2 builds earlier than 98623; Cortex XSOAR 6.1.0 builds earlier than 848144. | ||||
| CVE-2019-19756 | 1 Lenovo | 1 Xclarity Administrator | 2024-09-16 | 7.9 High |
| An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA. | ||||
| CVE-2022-29071 | 1 Arista | 1 Cloudvision Portal | 2024-09-16 | 4 Medium |
| This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users. | ||||
| CVE-2018-17499 | 1 Envoy | 1 Passport | 2024-09-16 | N/A |
| Envoy Passport for Android and Envoy Passport for iPhone could allow a local attacker to obtain sensitive information, caused by the storing of unencrypted data in logs. An attacker could exploit this vulnerability to obtain two API keys, a token and other sensitive information. | ||||
| CVE-2019-0004 | 1 Juniper | 3 Advanced Threat Prevention, Atp400, Atp700 | 2024-09-16 | 5.5 Medium |
| On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue affects Juniper ATP 5.0 versions prior to 5.0.3. | ||||
| CVE-2023-4380 | 1 Redhat | 6 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside and 3 more | 2024-09-16 | 6.3 Medium |
| A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability. | ||||
| CVE-2023-6802 | 1 Github | 1 Enterprise Server | 2024-09-13 | 7.2 High |
| An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. To exploit this, an attacker would need access to the log files for the GitHub Enterprise Server appliance, a backup archive created with GitHub Enterprise Server Backup Utilities, or a service which received streamed logs. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | ||||