VYPR

CWE-532

Insertion of Sensitive Information into Log File

Base | Incomplete | Likelihood: Medium

Description

The product writes sensitive information to a log file.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-215

CVEs mapped to this weakness (485)

  • CVE-2018-11716 | Critical | Jul 16, 2018
    risk 0.65 | cvss 9.8 | epss 0.14

    An issue was discovered in Zoho ManageEngine Desktop Central before 100230. There is unauthenticated remote access to all log files of a Desktop Central instance containing critical information (private information such as location of enrolled devices, cleartext passwords,…

  • CVE-2016-0898 | Critical | Mar 29, 2018
    risk 0.65 | cvss 10.0 | epss 0.01

    MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS access key in plaintext. These credentials were logged to the Service Backup component logs, and not the system log, thus were not exposed outside the Service Backup VM.

  • CVE-2026-49200 | Critical | May 29, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized system access.

  • CVE-2025-11008 | Critical | Nov 4, 2025
    risk 0.64 | cvss 9.8 | epss 0.00

    The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This makes it possible for unauthenticated attackers to extract sensitive data including authentication credentials, which can be…

  • CVE-2024-48852 | Critical | Jan 29, 2025
    risk 0.64 | cvss 9.4 | epss 0.02

    Insertion of Sensitive Information into Log File vulnerability observed in FLXEON. Some information may be improperly disclosed through HTTPS access. This issue affects FLXEON through 9.3.4.

  • CVE-2022-36407 | Critical | Mar 25, 2024
    risk 0.64 | cvss 9.9 | epss 0.01

    Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H,…

  • CVE-2018-16049 | Critical | Oct 3, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.0.6, 11.1.x before 11.1.5, and 11.2.x before 11.2.2. There is Sensitive Data Disclosure in Sidekiq Logs through an Error Message.

  • CVE-2018-11717 | Critical | Jul 16, 2018
    risk 0.64 | cvss 9.8 | epss 0.09

    An issue was discovered in Zoho ManageEngine Desktop Central before 100251. By leveraging access to a log file, a context-dependent attacker can obtain (depending on the modules configured) the Base64 encoded Password/Username of AD accounts, the cleartext Password/Username and…

  • CVE-2018-0042 | Critical | Jul 11, 2018
    risk 0.64 | cvss 9.8 | epss 0.01

    Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability.

  • CVE-2018-11320 | Critical | May 21, 2018
    risk 0.64 | cvss 9.8 | epss 0.01

    In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs.

  • CVE-2017-1000171 | Critical | Nov 3, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.

  • CVE-2017-15366 | Critical | Oct 26, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client installation on laptops. This password can be used to gain full admin/system…

  • CVE-2017-6165 | Critical | Oct 20, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration…

  • CVE-2017-6709 | Critical | Jul 6, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    A vulnerability in the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to access administrative credentials for Cisco Elastic Services Controller (ESC) and Cisco OpenStack deployments in an affected system. The vulnerability…

  • CVE-2017-9615 | Critical | Jun 26, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    Password exposure in Cognito Software Moneyworks 8.0.3 and earlier allows attackers to gain administrator access to all data, because verbose logging writes the administrator password to a world-readable file.

  • CVE-2017-4955 | Critical | Jun 13, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications errand in the PCF Elastic…

  • CVE-2017-8075 | Critical | Apr 23, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "Switch Info" log lines where passwords are in cleartext. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

  • CVE-2017-8074 | Critical | Apr 23, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credentials from "SEND data" log lines where passwords are encoded in hexadecimal. This affects the 1.1.2 Build 20141017 Rel.50749 firmware.

  • CVE-2016-8233 | Critical | Mar 1, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.

  • CVE-2025-7426 | Critical | Aug 25, 2025
    risk 0.60 | cvss | epss 0.00

    Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP…