CWE-532

Insertion of Sensitive Information into Log File

Base | Incomplete | Likelihood: Medium

Description

The product writes sensitive information to a log file.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-215

CVEs mapped to this weakness (485)

page 15 of 25
  • CVE-2017-9278 | Low | Mar 2, 2018
    risk 0.22 | cvss 3.3 | epss 0.01

    The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables.

  • CVE-2017-7434 | Low | Mar 2, 2018
    risk 0.22 | cvss 3.3 | epss 0.01

    In the JDBC driver of NetIQ Identity Manager before 4.6, sending out incorrect XML configurations could result in passwords being logged into exception logfiles.

  • CVE-2026-42282 | Med | May 8, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.13, when n8n-mcp runs in HTTP transport mode, authenticated MCP tools/call requests had their full arguments and JSON-RPC params written to…

  • CVE-2026-21791 | Low | Mar 10, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL

  • CVE-2026-20663 | Low | Feb 11, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    The issue was resolved by sanitizing logging. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to enumerate a user's installed apps.

  • CVE-2025-46277 | Low | Dec 17, 2025
    risk 0.21 | cvss 3.3 | epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, watchOS 26.2. An app may be able to access a user’s Safari history.

  • CVE-2025-43517 | Low | Dec 12, 2025
    risk 0.21 | cvss 3.3 | epss 0.00

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data.

  • CVE-2024-58269 | Med | Oct 29, 2025
    risk 0.21 | cvss 4.3 | epss 0.00

    A vulnerability has been identified in Rancher Manager, where sensitive information, including secret data, cluster import URLs, and registration tokens, is exposed to any entity with access to Rancher audit logs.

  • CVE-2025-24520 | Low | Aug 12, 2025
    risk 0.21 | cvss 3.3 | epss 0.00

    Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2514.7.16.0 may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2025-46614 | Low | Apr 28, 2025
    risk 0.21 | cvss 3.3 | epss 0.00

    In Snowflake ODBC Driver before 3.7.0, in certain code paths, the Driver logged the whole SQL query at the INFO level, aka Insertion of Sensitive Information into a Log File.

  • CVE-2025-24145 | Low | Jan 27, 2025
    risk 0.21 | cvss 3.3 | epss 0.00

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An app may be able to view a contact's phone number in system logs.

  • CVE-2024-40791 | Low | Sep 17, 2024
    risk 0.21 | cvss 3.3 | epss 0.00

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access information about a user's contacts.

  • CVE-2023-27502 | Low | Mar 14, 2024
    risk 0.21 | cvss 3.3 | epss 0.00

    Insertion of sensitive information into log file for some Intel(R) Local Manageability Service software before version 2316.5.1.2 may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2024-23242 | Low | Mar 8, 2024
    risk 0.21 | cvss 3.3 | epss 0.00

    A privacy issue was addressed by not logging contents of text fields. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to view Mail data.

  • CVE-2024-23210 | Low | Jan 23, 2024
    risk 0.21 | cvss 3.3 | epss 0.00

    This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. An app may be able to view a user's phone number in system logs.

  • CVE-2018-10889 | Med | Jul 10, 2018
    risk 0.21 | cvss 4.3 | epss 0.02

    A flaw was found in Moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester.

  • CVE-2017-9271 | Low | Mar 1, 2018
    risk 0.21 | cvss 3.3 | epss 0.00

    The command-line package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.

  • CVE-2018-5693 | Low | Jan 14, 2018
    risk 0.21 | cvss 3.3 | epss 0.00

    The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.

  • CVE-2016-0296 | Low | Feb 1, 2017
    risk 0.21 | cvss 3.3 | epss 0.00

    IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user.

  • CVE-2016-5432 | Low | Oct 3, 2016
    risk 0.21 | cvss 3.3 | epss 0.00

    The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.