Total
804 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7599 | 1 Gradle | 1 Plugin Publishing | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logger logs an AWS pre-signed URL. If this build log is publicly visible (as it is in many popular public CI systems like TravisCI) this AWS pre-signed URL would allow a malicious actor to replace a recently uploaded plugin with their own. | |||||
| CVE-2020-7215 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the 'view events' privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event. | |||||
| CVE-2020-7021 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details. | |||||
| CVE-2020-6938 | 3 Linux, Microsoft, Tableau | 3 Linux Kernel, Windows, Tableau Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files. | |||||
| CVE-2020-6653 | 1 Eaton | 1 Secureconnect | 2024-11-21 | 2.1 LOW | 3.8 LOW |
| Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the information to monitor and control the user's account and associated devices. | |||||
| CVE-2020-6317 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 2.7 LOW | 3.5 LOW |
| In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0. | |||||
| CVE-2020-6295 | 1 Sap | 1 Adaptive Server Enterprise | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to view, modify and/or make unavailable any data associated with the Cockpit, leading to Information Disclosure. | |||||
| CVE-2020-6224 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 3.5 LOW | 6.2 MEDIUM |
| SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure. | |||||
| CVE-2020-5908 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files. | |||||
| CVE-2020-5414 | 1 Vmware | 2 Operations Manager, Tanzu Application Service For Virtual Machines | 2024-11-21 | 6.0 MEDIUM | 5.7 MEDIUM |
| VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators. | |||||
| CVE-2020-5400 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials. | |||||
| CVE-2020-5389 | 1 Dell | 1 Emc Openmanage Integration For Microsoft System Center | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability. Authenticated low privileged OMIMSCC users may be able to retrieve sensitive information from the logs. | |||||
| CVE-2020-5225 | 1 Simplesamlphp | 1 Simplesamlphp | 2024-11-21 | 5.5 MEDIUM | 4.4 MEDIUM |
| Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content. | |||||
| CVE-2020-4900 | 1 Ibm | 1 Business Automation Workflow | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991. | |||||
| CVE-2020-4671 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284. | |||||
| CVE-2020-4498 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118. | |||||
| CVE-2020-4477 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779. | |||||
| CVE-2020-4405 | 1 Ibm | 1 Verify Gateway | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484. | |||||
| CVE-2020-4083 | 1 Hcltech | 1 Connections | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user. | |||||
| CVE-2020-3930 | 1 Geovision | 2 Gv-gf192x, Gv-gf192x Firmware | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs. | |||||