CVE-2021-3417

Lenovo XClarity Orchestrator (LXCO) prior to 1.2.2 stores LXCA credentials in internal logs: when LXCA is added as a Resource Manager, credentials are encoded and written to the FFDC/service log, which is only accessible to the privileged LXCO user who requested the file. No exploitation details ...

CVE-2020-8356

CVE-2020-8356 concerns Lenovo XClarity Orchestrator (LXCO) prior to version 1.2.2. The vulnerability arises because optional passwords for Syslog and SMTP forwarders are written in clear text to an internal LXCO log file; affected logs are captured in the FFDC service log. The FFDC log is generat...

CVE-2021-20269

A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. Mitigation The kexec service can be...

IBM Cloud Pak for Automation Information Disclosure Vulnerability

IBM Cloud Pak for Automation is an enterprise container cloud intelligence automation software platform that supports business users in building and running automation applications using containers on Kubernetes. An information disclosure vulnerability exists in IBM Cloud Pak for Automation 20.0....

CVE-2021-20358

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965...

IBM Cloud Pak for Automation 日志信息泄露漏洞

IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from IBM USA. The platform uses pre-integrated automation technologies and low-code tools to design, build and run automation applications and services on any cloud. A...

Dell EMC Unity and UnityVSA Information Disclosure Vulnerability

Dell EMC Unity is a unified storage array product. the UnityVSA is a set of virtual Unity storage environments. An information disclosure vulnerability exists in Dell EMC Unity, Unity XT and UnityVSA versions prior to 5.0.4.0.5.012. The vulnerability stems from the program storing user credential...

Information Disclosure Vulnerability in McAfee Agent

The McAfee Agent MA is a set of client-side components that provide secure communication between ePolicy Orchestrator antivirus management platform and managed products. An information disclosure vulnerability exists in McAfee Agent. An attacker could exploit the vulnerability to cause log file...

CVE-2020-5626

Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file...

CVE-2020-5626

Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file...

CVE-2020-4889

IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971...

CVE-2020-4889

IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971...

CVE-2020-4889

IBM Spectrum Scale is affected by CVE-2020-4889. A local attacker could poison command log files via the log-casting vulnerability in IBM Spectrum Scale 5.0.0–5.0.5.4 and 5.1.0, per IBM’s security bulletin. Impact is described as enabling log poisoning that could affect support and development ef...

CVE-2020-4889

IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971...

SuiteCRM Security Breach

SuiteCRM is a customer relationship management system from the SuiteCRM Suitecrm team. A security vulnerability exists in SuiteCRM log files. An attacker could exploit this vulnerability to trigger remote code execution...

CVE-2021-1283

A vulnerability in the logging subsystem of Cisco Data Center Network Manager DCNM could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is...

Design/Logic Flaw

A vulnerability in the logging subsystem of Cisco Data Center Network Manager DCNM could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is...

CVE-2021-1283 Cisco Data Center Network Manager Information Disclosure Vulnerability

A vulnerability in the logging subsystem of Cisco Data Center Network Manager DCNM could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is...

CVE-2021-1283 Cisco Data Center Network Manager Information Disclosure Vulnerability

A vulnerability in the logging subsystem of Cisco Data Center Network Manager DCNM could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is...

CVE-2021-1283

Cisco Data Center Network Manager (DCNM) is affected by an information-disclosure vulnerability in its logging subsystem. The issue arises because sensitive data is not properly masked before being written to system log files, allowing an authenticated, local attacker with valid credentials to vi...