ReportizFlow
Filtered by vendor
Subscriptions
Total
855 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6224 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 6.2 Medium |
| SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure. | ||||
| CVE-2020-5908 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 5.5 Medium |
| In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files. | ||||
| CVE-2020-5414 | 1 Vmware | 2 Operations Manager, Tanzu Application Service For Virtual Machines | 2024-11-21 | 5.7 Medium |
| VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators. | ||||
| CVE-2020-5400 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2024-11-21 | 6.5 Medium |
| Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to those logs may gain unauthorized access to resources protected by such credentials. | ||||
| CVE-2020-5389 | 1 Dell | 1 Emc Openmanage Integration For Microsoft System Center | 2024-11-21 | 6.5 Medium |
| Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability. Authenticated low privileged OMIMSCC users may be able to retrieve sensitive information from the logs. | ||||
| CVE-2020-5262 | 1 Easybuild Project | 1 Easybuild | 2024-11-21 | 7.7 High |
| In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--fro,-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed in EasyBuild v4.1.2, and in the `master`+ `develop` branches of the `easybuild-framework` repository. | ||||
| CVE-2020-5225 | 1 Simplesamlphp | 1 Simplesamlphp | 2024-11-21 | 4.4 Medium |
| Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content. | ||||
| CVE-2020-4900 | 1 Ibm | 1 Business Automation Workflow | 2024-11-21 | 5.5 Medium |
| IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991. | ||||
| CVE-2020-4671 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.5 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user. IBM X-Force ID: 186284. | ||||
| CVE-2020-4498 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 4.4 Medium |
| IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitve information due to inclusion of data within trace files. IBM X-Force ID: 182118. | ||||
| CVE-2020-4477 | 1 Ibm | 1 Spectrum Protect Plus | 2024-11-21 | 6.5 Medium |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779. | ||||
| CVE-2020-4405 | 1 Ibm | 1 Verify Gateway | 2024-11-21 | 4.3 Medium |
| IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484. | ||||
| CVE-2020-4083 | 1 Hcltech | 1 Connections | 2024-11-21 | 5.5 Medium |
| HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user. | ||||
| CVE-2020-3930 | 1 Geovision | 2 Gv-gf192x, Gv-gf192x Firmware | 2024-11-21 | 4 Medium |
| GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs. | ||||
| CVE-2020-3541 | 1 Cisco | 2 Webex Meetings, Webex Teams | 2024-11-21 | 4.4 Medium |
| A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensitive information. The vulnerability is due to unsafe logging of authentication requests by the affected software. An attacker could exploit this vulnerability by reading log files that are stored in the application directory. A successful exploit could allow the attacker to gain access to sensitive information, which could be used in further attacks. | ||||
| CVE-2020-3447 | 1 Cisco | 2 Content Security Management Appliance, Email Security Appliance | 2024-11-21 | 5.5 Medium |
| A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to excessive verbosity in certain log subscriptions. An attacker could exploit this vulnerability by accessing specific log files on an affected device. A successful exploit could allow the attacker to obtain sensitive log data, which may include user credentials. To exploit this vulnerability, the attacker would need to have valid credentials at the operator level or higher on the affected device. | ||||
| CVE-2020-3281 | 1 Cisco | 1 Digital Network Architecture Center | 2024-11-21 | 8.8 High |
| A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices. | ||||
| CVE-2020-35234 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2024-11-21 | 7.5 High |
| The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there. | ||||
| CVE-2020-2048 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 3.3 Low |
| An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.2. | ||||
| CVE-2020-2044 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 3.3 Low |
| An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but did not mask all sensitive information. The opcmdhistory.log file is removed in PAN-OS 9.1 and later PAN-OS versions. Command usage is recorded, instead, in the req_stats.log file in PAN-OS 9.1 and later PAN-OS versions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. | ||||