ReportizFlow
Filtered by vendor
Subscriptions
Total
854 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6157 | 2 Ibm, Lenovo | 84 Bladecenter Hs22, Bladecenter Hs22 Firmware, Bladecenter Hs23 and 81 more | 2024-11-21 | N/A |
| In various firmware versions of Lenovo System x, the integrated management module II (IMM2)'s first failure data capture (FFDC) includes the web server's private key in the generated log file for support. | ||||
| CVE-2019-5634 | 1 Belwith-keeler | 1 Hickory Smart | 2024-11-21 | N/A |
| An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile application are logged in a debug log on the Android device at HickorySmartLog/Logs/SRDeviceLog.txt. This information was found stored in the Android device's default USB or SDcard storage paths and is accessible without rooting the device. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions. | ||||
| CVE-2019-5532 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | 7.7 High |
| VMware vCenter Server (6.7.x prior to 6.7 U3, 6.5 prior to 6.5 U3 and 6.0 prior to 6.0 U3j) contains an information disclosure vulnerability due to the logging of credentials in plain-text for virtual machines deployed through OVF. A malicious user with access to the log files containing vCenter OVF-properties of a virtual machine deployed from an OVF may be able to view the credentials used to deploy the OVF (typically the root account of the virtual machine). | ||||
| CVE-2019-4706 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2024-11-21 | 2.7 Low |
| IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016. | ||||
| CVE-2019-4572 | 1 Ibm | 1 Filenet Content Manager | 2024-11-21 | 4.4 Medium |
| IBM FileNet Content Manager 5.5.2 and 5.5.3 in specific configurations, could log the web service user credentials into a log file that could be accessed by an administrator on the local machine. IBM X-Force ID: 166798. | ||||
| CVE-2019-4299 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-11-21 | 5.5 Medium |
| IBM Robotic Process Automation with Automation Anywhere 11 could allow a local user to obtain highly sensitive information from log files when debugging is enabled. IBM X-Force ID: 160765. | ||||
| CVE-2019-4296 | 1 Ibm | 1 Robotic Process Automation With Automation Anywhere | 2024-11-21 | 3.3 Low |
| IBM Robotic Process Automation with Automation Anywhere 11 information disclosure could allow a local user to obtain e-mail contents from the client debug log file. IBM X-Force ID: 160759. | ||||
| CVE-2019-4286 | 1 Ibm | 1 Maximo Anywhere | 2024-11-21 | 4.3 Medium |
| IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514. | ||||
| CVE-2019-4284 | 1 Ibm | 1 Cloud Private | 2024-11-21 | 4.4 Medium |
| IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as another user. IBM X-Force ID: 160512. | ||||
| CVE-2019-4225 | 1 Ibm | 1 Pureapplication System | 2024-11-21 | 4.4 Medium |
| IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242. | ||||
| CVE-2019-4143 | 1 Ibm | 1 Cloud Private | 2024-11-21 | N/A |
| The IBM Cloud Private Key Management Service (IBM Cloud Private 3.1.1 and 3.1.2) could allow a local user to obtain sensitive from the KMS plugin container log. IBM X-Force ID: 158348. | ||||
| CVE-2019-4008 | 1 Ibm | 1 Api Connect | 2024-11-21 | 9.8 Critical |
| API Connect V2018.1 through 2018.4.1.1 is impacted by access token leak. Authorization tokens in some URLs can result in the tokens being written to log files. IBM X-Force ID: 155626. | ||||
| CVE-2019-3891 | 1 Redhat | 2 Satellite, Satellite Capsule | 2024-11-21 | 7.8 High |
| It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates. | ||||
| CVE-2019-3888 | 2 Netapp, Redhat | 10 Active Iq Unified Manager, Enterprise Linux, Jboss Data Grid and 7 more | 2024-11-21 | 9.8 Critical |
| A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange) | ||||
| CVE-2019-3830 | 2 Openstack, Redhat | 2 Ceilometer, Openstack | 2024-11-21 | 7.8 High |
| A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated. | ||||
| CVE-2019-3763 | 1 Dell | 2 Rsa Identity Governance And Lifecycle, Rsa Via Lifecycle And Governance | 2024-11-21 | 8.8 High |
| The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks. | ||||
| CVE-2019-3716 | 1 Rsa | 1 Archer Grc Platform | 2024-11-21 | 7.8 High |
| RSA Archer versions, prior to 6.5 SP2, contain an information exposure vulnerability. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks. | ||||
| CVE-2019-3715 | 1 Rsa | 1 Archer Grc Platform | 2024-11-21 | N/A |
| RSA Archer versions, prior to 6.5 SP1, contain an information exposure vulnerability. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. | ||||
| CVE-2019-3649 | 1 Mcafee | 1 Advanced Threat Defense | 2024-11-21 | 5.3 Medium |
| Information Disclosure vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.8 allows remote authenticated attackers to gain access to hashed credentials via carefully constructed POST request extracting incorrectly recorded data from log files. | ||||
| CVE-2019-3500 | 4 Aria2 Project, Canonical, Debian and 1 more | 4 Aria2, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 7.8 High |
| aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file. | ||||