Vulnerabilities > Information Exposure Through Log Files

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-01-09 | CVE-2019-11292 | Information Exposure Through Log Files vulnerability in Pivotal Software Operations Manager | Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2.5.24, 2.6.x prior to 2.6.16, and 2.7.x prior to 2.7.5, logs all query parameters to tomcat’s access file. | network | low | pivotal-software | CWE-532 | 6.5 |
| 2019-12-23 | CVE-2019-3429 | Information Exposure Through Log Files vulnerability in ZTE Zxcloud Goldendata VAP Zxivsvapportalxzgav4.01.01.02 | All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. | network | low | zte | CWE-532 | 5.3 |
| 2019-12-23 | CVE-2019-19150 | Information Exposure Through Log Files vulnerability in F5 Big-Ip Access Policy Manager | On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, the BIG-IP APM system logs the client-session-id when a per-session policy is attached to the virtual server with debug logging enabled. | network | low | f5 | CWE-532 | 4.9 |
| 2019-12-17 | CVE-2019-15235 | Information Exposure Through Log Files vulnerability in Control-Webpanel Webpanel 0.9.8.856/0.9.8.864 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and phpMyAdmin) via an attacker account. | network | low | control-webpanel | CWE-532 | 6.5 |
| 2019-12-17 | CVE-2019-14782 | Information Exposure Through Log Files vulnerability in Control-Webpanel Webpanel 0.9.8.856/0.9.8.864 | CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a request to extract the victim's password (for the OS and phpMyAdmin) via an attacker account. | network | low | control-webpanel | CWE-532 | 6.5 |
| 2019-12-15 | CVE-2014-3536 | Information Exposure Through Log Files vulnerability in Redhat Cloudforms Management Engine 5.0 | CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration | local | low | redhat | CWE-532 | 5.5 |
| 2019-12-12 | CVE-2019-10695 | Information Exposure Through Log Files vulnerability in Puppet Continuous Delivery | When using the cd4pe::root_configuration task to configure a Continuous Delivery for PE installation, the root user’s username and password were exposed in the job’s Job Details pane in the PE console. | network | low | puppet | CWE-532 | 6.5 |
| 2019-12-06 | CVE-2019-11293 | Information Exposure Through Log Files vulnerability in Cloudfoundry Cf-Deployment | Cloud Foundry UAA Release, versions prior to v74.10.0, when set to logging level DEBUG, logs client_secret credentials when sent as a query parameter. | network | low | cloudfoundry | CWE-532 | 6.5 |
| 2019-11-27 | CVE-2019-10195 | Information Exposure Through Log Files vulnerability in multiple products | A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. | network | low | freeipa, fedoraproject | CWE-532 | 6.5 |
| 2019-11-26 | CVE-2019-11290 | Information Exposure Through Log Files vulnerability in Cloudfoundry Cf-Deployment | Cloud Foundry UAA Release, versions prior to v74.8.0, logs all query parameters to tomcat’s access file. | network | low | cloudfoundry | CWE-532 | 7.5 |