Vulnerabilities (CVE)

Filtered by CWE-532
Total 796 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0898 1 Vmware 1 Pivotal Software Mysql 2024-02-28 5.0 MEDIUM 10.0 CRITICAL
MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.
CVE-2017-7434 1 Netiq 1 Identity Manager 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
In the JDBC driver of NetIQ Identity Manager before 4.6 sending out incorrect XML configurations could result in passwords being logged into exception logfiles.
CVE-2018-7683 1 Microfocus 1 Solutions Business Manager 2024-02-28 5.0 MEDIUM 7.5 HIGH
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.
CVE-2018-1349 1 Netiq 1 Identity Manager 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration.
CVE-2017-1480 1 Ibm 3 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.
CVE-2018-1000123 1 Ionicframework 1 Ios Keychain 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Ionic Team Cordova plugin iOS Keychain version before commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf contains an Information Exposure Through Log Files (CWE-532) vulnerability in CDVKeychain.m that can result in login, password and other sensitive data leakage. This attack appear to be exploitable via Attacker must have access to victim's iOS logs. This vulnerability appears to have been fixed in after commit 18233ca25dfa92cca018b9c0935f43f78fd77fbf.
CVE-2018-1350 1 Netiq 1 Identity Manager 2024-02-28 5.0 MEDIUM 5.3 MEDIUM
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration.
CVE-2018-7682 1 Microfocus 1 Solutions Business Manager 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
CVE-2018-1241 1 Emc 2 Recoverpoint, Recoverpoint For Virtual Machines 2024-02-28 4.0 MEDIUM 8.8 HIGH
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP password to use it in further attacks.
CVE-2018-1000018 1 Ovirt 1 Ovirt-hosted-engine-setup 2024-02-28 2.1 LOW 7.8 HIGH
An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.
CVE-2018-3609 1 Trendmicro 1 Interscan Messaging Security Virtual Appliance 2024-02-28 4.3 MEDIUM 8.1 HIGH
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.
CVE-2017-9278 1 Netiq 1 Identity Manager 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.
CVE-2018-2372 1 Sap 1 Hana Extended Application Services 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication.
CVE-2018-10855 3 Canonical, Debian, Redhat 6 Ubuntu Linux, Debian Linux, Ansible Engine and 3 more 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
CVE-2017-3744 2 Ibm, Lenovo 47 Bladecenter Hs22, Bladecenter Hs23, Bladecenter Hs23e and 44 more 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
In the IMM2 firmware of Lenovo System x servers, remote commands issued by LXCA or other utilities may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated when that remote command is running. Captured command data may contain clear text login information. Authorized users that can capture and export FFDC service log data may have access to these remote commands.
CVE-2017-15366 1 Ndocsoftware 1 Ndoc 2024-02-28 10.0 HIGH 9.8 CRITICAL
Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system access to client devices (if no firewall is present) or the NDoc server itself. Once the password is known to an attacker, local access is not required.
CVE-2017-0380 1 Torproject 1 Tor 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.
CVE-2017-1727 1 Ibm 1 Security Key Lifecycle Manager 2024-02-28 4.0 MEDIUM 4.3 MEDIUM
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.
CVE-2018-5693 1 Linuxmagic 1 Magicspam 2024-02-28 2.1 LOW 3.3 LOW
The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.
CVE-2017-1000171 1 Mahara 1 Mahara Mobile 2024-02-28 5.0 MEDIUM 9.8 CRITICAL
Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.