VYPR

CWE-532

Insertion of Sensitive Information into Log File

Base | Incomplete | Likelihood: Medium

Description

The product writes sensitive information to a log file.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-215

CVEs mapped to this weakness (485)

page 9 of 25
  • CVE-2025-43225 | Med | Jul 30, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data.

  • CVE-2025-31199 | Med | May 29, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.8.2, visionOS 2.4. An app may be able to access sensitive user data.

  • CVE-2025-2300 | Med | Apr 22, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability. This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00.

  • CVE-2025-0736 | Med | Jan 28, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and…

  • CVE-2024-54519 | Med | Jan 27, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. An app may be able to read sensitive location information.

  • CVE-2024-11923 | Med | Jan 18, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    Under certain log settings the IAM or CORE service will log credentials in the iam logfile in Fortra Application Hub (Formerly named Helpsystems One) prior to version 1.3.

  • CVE-2024-44239 | Med | Oct 28, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS…

  • CVE-2024-44205 | Med | Oct 24, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A sandboxed app may be able to access sensitive user…

  • CVE-2024-44166 | Med | Sep 17, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access user-sensitive data.

  • CVE-2024-43781 | Med | Sep 10, 2024
    risk 0.36 | cvss 5.5 | epss 0.00

    A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (All versions < V6.23 in connection with using Create MyConfig (CMC)…

  • CVE-2023-6814 | Med | Mar 12, 2024
    risk 0.36 | cvss 5.6 | epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information. This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before…

  • CVE-2018-1768 | Med | Sep 26, 2018
    risk 0.36 | cvss 5.6 | epss 0.00

    IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id and password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622.

  • CVE-2018-6599 | Med | Aug 29, 2018
    risk 0.36 | cvss 5.5 | epss 0.00

    An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not…

  • CVE-2018-7754 | Med | Aug 10, 2018
    risk 0.36 | cvss 5.5 | epss 0.00

    The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.

  • CVE-2017-2621 | Med | Jul 27, 2018
    risk 0.36 | cvss 5.5 | epss 0.00

    An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

  • CVE-2015-3243 | Med | Jul 25, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.

  • CVE-2016-9985 | Med | Mar 8, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.

  • CVE-2017-5549 | Med | Feb 6, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.

  • CVE-2016-4443 | Med | Dec 14, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.

  • CVE-2016-5967 | Med | Nov 25, 2016
    risk 0.36 | cvss 5.5 | epss 0.00

    The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs.