VYPR

CWE-532

Insertion of Sensitive Information into Log File

Abstraction: Base | Status: Incomplete | Likelihood of exploit: Medium

Description

The product writes sensitive information to a log file.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-215

CVEs mapped to this weakness (485)

page 2 of 25
  • CVE-2024-6060 (Critical), Jun 25, 2024
    risk 0.60, CVSS n/a, EPSS 0.00

    An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.

  • CVE-2025-6391 (Critical), Jul 17, 2025
    risk 0.59, CVSS 9.1, EPSS 0.00

    Brocade ASCG before 3.3.0 logs JSON Web Tokens (JWT) in log files. An attacker with access to the log files can withdraw the unencrypted tokens with security implications, such as unauthorized access, session hijacking, and information disclosure.

  • CVE-2018-15763 (Critical), Oct 5, 2018
    risk 0.59, CVSS 9.0, EPSS 0.01

    Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. A malicious user with access to application logs may be able to obtain IaaS credentials and perform actions using these…

  • CVE-2018-1264 (Critical), Oct 5, 2018
    risk 0.59, CVSS 9.1, EPSS 0.02

    Cloud Foundry Log Cache, versions prior to 1.1.1, logs its UAA client secret on startup as part of its envstruct report. A remote attacker who has gained access to the Log Cache VM can read this secret, gaining all privileges held by the Log Cache UAA client. In the worst case,…

  • CVE-2026-43992 (Critical), May 12, 2026
    risk 0.57, CVSS 9.8, EPSS 0.00

    JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accepted 'mnemonic: string' as an explicit tool-call parameter. The BIP-39 seed was…

  • CVE-2026-28923 (High), May 11, 2026
    risk 0.57, CVSS 8.8, EPSS 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its sandbox.

  • CVE-2020-36876 (High), Dec 5, 2025
    risk 0.57, CVSS n/a, EPSS 0.00

    ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and…

  • CVE-2024-34706 (Critical), May 14, 2024
    risk 0.57, CVSS 9.8, EPSS 0.01

    Valtimo is an open source business process and case management platform. When opening a form in Valtimo, the access token (JWT) of the user is exposed to `api.form.io` via the `x-jwt-token` header. An attacker can retrieve personal information from this token, or use it to…

  • CVE-2018-1223 (High), Sep 17, 2018
    risk 0.57, CVSS 8.8, EPSS 0.01

    Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the ability to read the application logs could use these credentials to escalate privileges.

  • CVE-2018-1198 (High), Sep 17, 2018
    risk 0.57, CVSS 8.8, EPSS 0.01

    Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this password.

  • CVE-2018-1241 (High), May 29, 2018
    risk 0.57, CVSS 8.8, EPSS 0.02

    Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain…

  • CVE-2017-7550 (Critical), Nov 21, 2017
    risk 0.57, CVSS 9.8, EPSS 0.04

    A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive information from a remote host's logs. This flaw was fixed by not allowing passwords…

  • CVE-2017-7214 (Critical), Mar 21, 2017
    risk 0.57, CVSS 9.8, EPSS 0.02

    An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization…

  • CVE-2026-0207 (High), Apr 14, 2026
    risk 0.55, CVSS n/a, EPSS 0.00

    A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions.

  • CVE-2026-4788 (High), Apr 8, 2026
    risk 0.55, CVSS 8.4, EPSS 0.00

    IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.37 stores sensitive information in log files that could be read by a local user.

  • CVE-2024-42407 (High), Dec 12, 2024
    risk 0.55, CVSS 8.5, EPSS 0.00

    Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted access. This issue affects: Command Centre…

  • CVE-2017-8001 (High), Nov 28, 2017
    risk 0.55, CVSS 8.4, EPSS 0.00

    An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with…

  • CVE-2024-30151 (High), May 6, 2026
    risk 0.54, CVSS 8.3, EPSS 0.00

    HCL BigFix Service Management (SX) is affected by a Broken Access Control vulnerability leading to privilege escalation. This could allow unauthorized users to gain elevated privileges, bypassing intended access restrictions. This may result in exposure of sensitive data or…

  • CVE-2018-3609 (High), Feb 16, 2018
    risk 0.54, CVSS 8.1, EPSS 0.22

    A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.

  • CVE-2026-50205 (High), Jun 4, 2026
    risk 0.53, CVSS 8.2, EPSS 0.00

    System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data.