CWE-532
Insertion of Sensitive Information into Log File
Description
The product writes sensitive information to a log file.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-215
CVEs mapped to this weakness (485)
Page 9 of 25

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-43225 | | Med | 0.36 | 5.5 | 0.00 | | Jul 30, 2025 | A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data. |
| CVE-2025-31199 | | Med | 0.36 | 5.5 | 0.00 | | May 29, 2025 | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.8.2, visionOS 2.4. An app may be able to access sensitive user data. |
| CVE-2025-2300 | | Med | 0.36 | 5.5 | 0.00 | | Apr 22, 2025 | Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability. This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00. |
| CVE-2025-0736 | | Med | 0.36 | 5.5 | 0.00 | | Jan 28, 2025 | A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and… |
| CVE-2024-54519 | | Med | 0.36 | 5.5 | 0.00 | | Jan 27, 2025 | The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. An app may be able to read sensitive location information. |
| CVE-2024-11923 | | Med | 0.36 | 5.5 | 0.00 | | Jan 18, 2025 | Under certain log settings the IAM or CORE service will log credentials in the iam logfile in Fortra Application Hub (Formerly named Helpsystems One) prior to version 1.3 |
| CVE-2024-44239 | | Med | 0.36 | 5.5 | 0.00 | | Oct 28, 2024 | An information disclosure issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1, tvOS 18.1, visionOS 2.1, watchOS… |
| CVE-2024-44205 | | Med | 0.36 | 5.5 | 0.00 | | Oct 24, 2024 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A sandboxed app may be able to access sensitive user… |
| CVE-2024-44166 | | Med | 0.36 | 5.5 | 0.00 | | Sep 17, 2024 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14.7, macOS Ventura 13.7. An app may be able to access user-sensitive data. |
| CVE-2024-43781 | | Med | 0.36 | 5.5 | 0.00 | | Sep 10, 2024 | A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC) <= V4.8 SP1 HF6), SINUMERIK ONE (All versions < V6.23 in connection with using Create MyConfig (CMC)… |
| CVE-2023-6814 | | Med | 0.36 | 5.6 | 0.00 | | Mar 12, 2024 | Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information. This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before… |
| CVE-2018-1768 | | Med | 0.36 | 5.6 | 0.00 | | Sep 26, 2018 | IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id and password may be displayed in plain text within an instrumentation log file. IBM X-Force ID: 148622. |
| CVE-2018-6599 | | Med | 0.36 | 5.5 | 0.00 | | Aug 29, 2018 | An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not… |
| CVE-2018-7754 | | Med | 0.36 | 5.5 | 0.00 | | Aug 10, 2018 | The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file. |
| CVE-2017-2621 | | Med | 0.36 | 5.5 | 0.00 | | Jul 27, 2018 | An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. |
| CVE-2015-3243 | | Med | 0.36 | 5.5 | 0.00 | | Jul 25, 2017 | rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron. |
| CVE-2016-9985 | | Med | 0.36 | 5.5 | 0.00 | | Mar 8, 2017 | IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671. |
| CVE-2017-5549 | | Med | 0.36 | 5.5 | 0.00 | | Feb 6, 2017 | The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log. |
| CVE-2016-4443 | | Med | 0.36 | 5.5 | 0.00 | | Dec 14, 2016 | Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file. |
| CVE-2016-5967 | | Med | 0.36 | 5.5 | 0.00 | | Nov 25, 2016 | The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs. |