VYPR

CWE-532

Insertion of Sensitive Information into Log File

Abstraction: Base | Status: Incomplete | Likelihood: Medium

Description

The product writes sensitive information to a log file.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-215

CVEs mapped to this weakness (485)

page 14 of 25
  • CVE-2024-0006 | Med | Jul 19, 2024
    risk 0.28 | cvss n/a | epss 0.00

    Information exposure in the logging system in Yugabyte Platform allows local attackers with access to application logs to obtain database user credentials in log files, potentially leading to unauthorized database access.

  • CVE-2017-1480 | Med | Jun 6, 2018
    risk 0.28 | cvss 4.3 | epss 0.02

    IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617.

  • CVE-2017-1727 | Med | Jan 4, 2018
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.

  • CVE-2016-8912 | Med | Feb 1, 2017
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in log files that could be read by an authenticated user.

  • CVE-2016-2928 | Med | Nov 25, 2016
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs.

  • CVE-2026-41495 | Med | May 8, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests to the POST /mcp endpoint had their request metadata written to server logs…

  • CVE-2026-33558 | Med | Apr 20, 2026
    risk 0.27 | cvss 5.3 | epss 0.01

    Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the…

  • CVE-2025-10645 | Med | Oct 7, 2025
    risk 0.27 | cvss 5.3 | epss 0.00

    The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WF_Licensing::log() method when debugging is enabled (default). This makes it possible for unauthenticated attackers to extract sensitive license…

  • CVE-2025-42935 | Med | Aug 12, 2025
    risk 0.27 | cvss 4.1 | epss 0.00

    The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the…

  • CVE-2024-9621 | Med | Oct 8, 2024
    risk 0.27 | cvss 5.3 | epss 0.01

    A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and…

  • CVE-2024-40636 | Med | Jul 17, 2024
    risk 0.27 | cvss 5.3 | epss 0.00

    Steeltoe is an open source project that provides a collection of libraries that helps users build production-grade cloud-native applications using externalized configuration, service discovery, distributed tracing, application management, and more. When utilizing multiple Eureka…

  • CVE-2025-24884 | Med | Jan 29, 2025
    risk 0.26 | cvss n/a | epss 0.00

    kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is…

  • CVE-2024-31216 | Med | May 15, 2024
    risk 0.26 | cvss 5.1 | epss 0.00

    The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps…

  • CVE-2017-1733 | Med | Apr 4, 2018
    risk 0.26 | cvss 4.0 | epss 0.00

    IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914.

  • CVE-2026-34164 | Med | Apr 16, 2026
    risk 0.25 | cvss 4.9 | epss 0.00

    Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox messages can contain highly sensitive information including personal data…

  • CVE-2025-3456 | Low | Aug 25, 2025
    risk 0.25 | cvss 3.8 | epss 0.00

    On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be…

  • CVE-2025-32016 | Med | Apr 9, 2025
    risk 0.24 | cvss 4.7 | epss 0.00

    Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform (formerly Azure AD v2.0 endpoint) and AAD B2C. This vulnerability affects confidential client applications,…

  • CVE-2024-31254 | Low | Apr 10, 2024
    risk 0.24 | cvss 3.7 | epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration. This issue affects WordPress Backup & Migration: from n/a through 1.4.7.

  • CVE-2026-41004 | Med | May 7, 2026
    risk 0.22 | cvss 4.4 | epss 0.00

    When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x:…

  • CVE-2024-41129 | Med | Jul 22, 2024
    risk 0.22 | cvss 4.4 | epss 0.00

    The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju (>=3.0), Juju secrets and not correctly…