4568 matches found
PT-2024-27942 · IBM · IBM Business Automation Workflow
Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 22.0.2 through 24.0.0 Description: The issue concerns the storage of potentially sensitive information in log files under certain situations, which could be read by an authenticated user. This may lea...
APM Server 8.14.0 Security Update (ESA-2024-19)
APM Server Insertion of Sensitive Information into Log File ESA-2024-19 APM server logs contain document body from a partially failed bulk index request. For example, in case of unavailableshardsexception for a specific document, since the ES response line contains the document body, and that APM...
CVE-2024-6977
A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on the attacker's system. This issue affects SDP Client:...
CVE-2024-6977
Cato Networks Windows SDP Client has a vulnerability prior to version 5.10.34 where sensitive information can be written into trace/log files, potentially enabling an account takeover. The issue requires bypassing protections that modify the tunnel token on the attacker’s system. Affected softwar...
PT-2024-38015 · Cato Networks · Cato Networks SDP Client
Name of the Vulnerable Software and Affected Versions: Cato Networks SDP Client versions prior to 5.10.34 Description: A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack...
Elasticsearch Insertion of Sensitive Information into Log File
An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessi...
Insertion Of Sensitive Information Into Log File
Steeltoe.Discovery is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to improperly masked Eureka server service URLs, which may leak credentials into logs when fetching the service registry. Attackers can use this to gain unauthorized access to sensitive...
FAQ for XenMobile 10 Migration Tool
This article provides information on frequently asked questions and answers for XenMobile 10 MDM migration tool. Contents Q: What XenMobile editions are supported with the migration tool? Q: What versions of XenMobile are supported with the migration tool? Q: Where is the XenMobile 10 migration...
CVE-2024-39532
An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information. When another user performs a specific operation, sensitive information is stored as plai...
CVE-2024-39532 Junos OS and Junos OS Evolved: Confidential information in logs can be accessed by another user
An Insertion of Sensitive Information into Log File vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to access sensitive information. When another user performs a specific operation, sensitive information is stored as plai...
WordPress HitPay Payment Gateway for WooCommerce plugin <= 4.1.3 - Sensitive Data Exposure via Log File vulnerability
Sensitive Data Exposure via Log File vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin HitPay Payment Gateway for WooCommerce versions <= 4.1.3...
CVE-2024-23194
Improper Output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects: Gallagher Command Centre v9.10 prior to vEL9.10.1268 MR1...
Juniper Networks Junos OS and Juniper Networks Junos OS Evolved Security Vulnerabilities
Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc. Juniper Networks Junos OS is a network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper...
Gallagher Command Centre security breach
Gallagher Command Centre is a centralized control tool for Gallagher access control systems from Gallagher New Zealand. A security vulnerability exists in Gallagher Command Centre vEL9.10.1268 MR1 prior to v9.10, which stems from improperly neutralized log output that may give an attacker limited...
CVE-2024-37270
Insertion of Sensitive Information into Log File vulnerability in TrustedLogin TrustedLogin Vendor. This issue affects TrustedLogin Vendor: from n/a before 1.1.1...
CVE-2024-37205
Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions. This issue affects affiliate-toolkit: from n/a through 3.4.4...
CVE-2024-37205
CVE-2024-37205 affects the WordPress affiliate-toolkit plugin up to version 3.4.4. The issue is the insertion of sensitive information into log files, which may expose data. CVSS v3.1 base score 5.3 (Medium). Patch status in the connected data shows Patched; no exploit details are provided.
CVE-2024-37205 WordPress affiliate-toolkit plugin <= 3.4.4 - Sensitive Data Exposure via Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions. This issue affects affiliate-toolkit: from n/a through 3.4.4...