Vulnerabilities > Information Exposure Through Log Files

DATE CVE VULNERABILITY TITLE RISK
2018-02-16 CVE-2018-3609 Information Exposure Through Log Files vulnerability in Trendmicro Interscan Messaging Security Virtual Appliance 9.0/9.1
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations.
network
high complexity
trendmicro CWE-532
8.1
2018-02-14 CVE-2018-2372 Information Exposure Through Log Files vulnerability in SAP Hana Extended Application Services 1.0
A plain keystore password is written to a system log file in SAP HANA Extended Application Services, 1.0, which could endanger confidentiality of SSL communication.
network
low complexity
sap CWE-532
6.5
2018-02-09 CVE-2018-1000060 Information Exposure Through Log Files vulnerability in Sensu Core
Sensu, Inc.
network
low complexity
sensu CWE-532
critical
9.8
2018-01-24 CVE-2018-1000018 Information Exposure Through Log Files vulnerability in Ovirt Ovirt-Hosted-Engine-Setup
An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.
local
low complexity
ovirt CWE-532
7.8
2018-01-14 CVE-2018-5693 Information Exposure Through Log Files vulnerability in Linuxmagic Magicspam 2.0.34
The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog.
local
low complexity
linuxmagic CWE-532
3.3
2018-01-04 CVE-2017-1727 Information Exposure Through Log Files vulnerability in IBM Security KEY Lifecycle Manager
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system.
network
low complexity
ibm CWE-532
4.3
2017-12-21 CVE-2017-6139 Information Exposure Through Log Files vulnerability in F5 Big-Ip Access Policy Manager 12.1.2/13.0.0
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests.
network
high complexity
f5 CWE-532
5.9
2017-11-28 CVE-2017-8001 Information Exposure Through Log Files vulnerability in Dell EMC Scaleio
An issue was discovered in EMC ScaleIO 2.0.1.x.
local
low complexity
dell CWE-532
8.4
2017-11-25 CVE-2017-16946 Information Exposure Through Log Files vulnerability in Misp 2.4.82
The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.
network
low complexity
misp CWE-532
4.9
2017-11-03 CVE-2017-1000171 Information Exposure Through Log Files vulnerability in Mahara Mobile 1.2.0
Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.
network
low complexity
mahara CWE-532
critical
9.8