
CWE-532

Insertion of Sensitive Information into Log File

Base | Incomplete | Likelihood: Medium

Description

The product writes sensitive information to a log file.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-215

CVEs mapped to this weakness (485)

  • CVE-2026-25193 | High | May 25, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account (not the default Network…

  • CVE-2025-54120 | Critical | Jul 23, 2025
    risk 0.53 | cvss | epss 0.00

    PCL (Plain Craft Launcher) Community Edition is a Minecraft launcher. In PCL CE versions 2.12.0-beta.5 to 2.12.0-beta.9, the login credentials used during the third-party login process are accidentally recorded in the local log file. Although the log file is not automatically…

  • CVE-2024-43444 | High | Aug 26, 2024
    risk 0.53 | cvss 8.2 | epss 0.00

    Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: * OTRS from 7.0.X through…

  • CVE-2018-3827 | High | Sep 19, 2018
    risk 0.53 | cvss 8.1 | epss 0.01

    A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. When the repository-azure plugin is set to log at TRACE level Azure credentials can be inadvertently logged.

  • CVE-2018-12604 | High | Jun 20, 2018
    risk 0.53 | cvss 7.5 | epss 0.13

    GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log.

  • CVE-2026-40619 | High | Jun 2, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is…

  • CVE-2026-28261 | High | Apr 8, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale, versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this…

  • CVE-2024-12569 | High | Dec 19, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under specific conditions.

  • CVE-2018-6971 | High | Jul 25, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent…

  • CVE-2018-0335 | High | Jun 7, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauthenticated, local attacker to view sensitive data. The vulnerability is due to improper logging of authentication data. An attacker could exploit this…

  • CVE-2018-1000018 | High | Jan 24, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.

  • CVE-2017-5153 | High | Feb 13, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service…

  • CVE-2026-40945 | High | Apr 21, 2026
    risk 0.50 | cvss | epss 0.00

    Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation…

  • CVE-2024-52940 | High | Nov 18, 2024
    risk 0.50 | cvss 7.5 | epss 0.01

    AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID.

  • CVE-2026-8671 | High | May 22, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0.

  • CVE-2026-20239 | High | May 20, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a role that has access to the `_internal` index could view session cookies and response bodies that contain…

  • CVE-2026-28987 | High | May 11, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to leak sensitive kernel state.

  • CVE-2026-28943 | High | May 11, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to determine kernel memory layout.

  • CVE-2025-67223 | High | Apr 28, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthenticated remote attackers to obtain direct virtual paths of uploaded files and…

  • CVE-2026-23775 | High | Apr 17, 2026
    risk 0.49 | cvss 7.6 | epss 0.00

    Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of sensitive information into log file vulnerability. A low privileged attacker…