CWE-532 — Insertion of Sensitive Information into Log File
1,076 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-532 (page 6 of 22)
- CVE-2020-3281 | HIGH | CVSS 8.8 | EG 8.8 | 2020-06-03
A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain…
- CVE-2020-3447 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-08-17
A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on a…
- CVE-2020-35234 | HIGH | CVSS 7.5 | EG 7.5 | 2020-12-14
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file …
- CVE-2020-3541 | MEDIUM | CVSS 4.4 | EG 4.4 | 2020-09-04
A vulnerability in the media engine component of Cisco Webex Meetings Client for Windows, Cisco Webex Meetings Desktop App for Windows, and Cisco Webex Teams for Windows could allow an authenticated, local attacker to gain access to sensit…
- CVE-2020-36876 | HIGH | CVSS 8.7 | EG 0.0 | 2025-12-05
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information,…
- CVE-2020-3930 | MEDIUM | CVSS 4.0 | EG 4.0 | 2020-06-12
GeoVision Door Access Control device family improperly stores and controls access to system logs; any user can read these logs.
- CVE-2020-4083 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-03-05
HCL Connections 6.5 is vulnerable to possible information leakage. Connections could disclose sensitive information via trace logs to a local user.
- CVE-2020-4405 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-07-27
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially sensitive information to an authenticated user due to world readable log files. IBM X-Force ID: 179484.
- CVE-2020-4477 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-06-15
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779.
- CVE-2020-4498 | MEDIUM | CVSS 4.4 | EG 4.4 | 2020-07-27
IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged user to obtain highly sensitive information due to inclusion of data within trace files. IBM X-Force ID: 182118.
- CVE-2020-4671 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-11-16
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 186284.
- CVE-2020-4900 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-11-30
IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991.
- CVE-2020-5225 | MEDIUM | CVSS 4.4 | EG 4.4 | 2020-01-24
Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the reque…
- CVE-2020-5262 | HIGH | CVSS 7.7 | EG 7.7 | 2020-03-19
In EasyBuild before version 4.1.2, the GitHub Personal Access Token (PAT) used by EasyBuild for the GitHub integration features (like `--new-pr`, `--from-pr`, etc.) is shown in plain text in EasyBuild debug log files. This issue is fixed i…
- CVE-2020-5389 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-10-08
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability. Authenticated low privileged OMIMSSC users may be able to retrieve sensitive …
- CVE-2020-5400 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-02-27
Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job. A malicious user with access to thos…
- CVE-2020-5414 | MEDIUM | CVSS 5.7 | EG 5.7 | 2020-07-31
VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware…
- CVE-2020-5908 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-07-01
In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files.
- CVE-2020-6224 | MEDIUM | CVSS 6.2 | EG 6.2 | 2020-04-14
SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends reque…
- CVE-2020-6295 | HIGH | CVSS 7.8 | EG 7.8 | 2020-08-12
Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the instal…
- CVE-2020-6317 | LOW | CVSS 3.5 | EG 3.5 | 2020-11-30
In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limite…
- CVE-2020-6653 | LOW | CVSS 3.8 | EG 3.8 | 2020-08-12
Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in the logcat file when the user creates or registers an account on the mobile app. A malicious app or unauthorized user can harvest the information and later on can…
- CVE-2020-6938 | HIGH | CVSS 7.5 | EG 7.5 | 2020-07-08
A sensitive information disclosure vulnerability in Tableau Server 10.5, 2018.x, 2019.x, 2020.x released before June 26, 2020, could allow access to sensitive information in log files.
- CVE-2020-7021 | MEDIUM | CVSS 4.9 | EG 4.9 | 2021-02-10
Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or…
- CVE-2020-7215 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-01-20
An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logge…
- CVE-2020-7322 | MEDIUM | CVSS 4.7 | EG 4.7 | 2020-09-09
Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows local users to gain access to sensitive information via incorrect logging of sensitive information in debug l…
- CVE-2020-7599 | MEDIUM | CVSS 6.5 | EG 6.5 | 2020-03-30
All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File. When a plugin author publishes a Gradle plugin while running Gradle with the --info log level flag, the Gradle Logg…
- CVE-2020-7654 | HIGH | CVSS 7.5 | EG 7.5 | 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.
- CVE-2020-8563 | MEDIUM | CVSS 4.7 | EG 4.7 | 2020-12-07
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.
- CVE-2020-8564 | MEDIUM | CVSS 4.7 | EG 4.7 | 2020-12-07
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This af…
- CVE-2020-8565 | MEDIUM | CVSS 4.7 | EG 4.7 | 2020-12-07
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1…
- CVE-2020-8566 | MEDIUM | CVSS 4.7 | EG 4.7 | 2020-12-07
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claim…
- CVE-2020-9486 | HIGH | CVSS 7.5 | EG 7.5 | 2020-10-01
In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensit…
- CVE-2021-0148 | MEDIUM | CVSS 4.4 | EG 4.4 | 2021-11-17
Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2021-0549 | MEDIUM | CVSS 4.4 | EG 4.4 | 2021-06-22
In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interactio…
- CVE-2021-0991 | LOW | CVSS 2.4 | EG 2.4 | 2021-12-15
In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution pri…
- CVE-2021-0997 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-12-15
In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java, there is a possible APN disclosure due to log information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User…
- CVE-2021-1226 | MEDIUM | CVSS 4.3 | EG 4.3 | 2021-01-13
A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, Cisco Unity Connection…
- CVE-2021-1442 | HIGH | CVSS 7.8 | EG 7.8 | 2021-03-24
A vulnerability in a diagnostic command for the Plug-and-Play (PnP) subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user (level 15) on an affected devic…
- CVE-2021-1576 | HIGH | CVSS 8.8 | EG 8.8 | 2021-07-08
Multiple vulnerabilities in the web-based management interface of Cisco Business Process Automation (BPA) could allow an authenticated, remote attacker to elevate privileges to Administrator. These vulnerabilities are due to improper autho…
- CVE-2021-20129 | HIGH | CVSS 7.5 | EG 7.5 | 2021-10-13
An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs.
- CVE-2021-20178 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-05-26
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_p…
- CVE-2021-20180 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-03-16
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_p…
- CVE-2021-20191 | MEDIUM | CVSS 5.5 | EG 5.5 | 2021-05-26
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those creden…
- CVE-2021-20359 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-02-08
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966.
- CVE-2021-20536 | MEDIUM | CVSS 6.2 | EG 6.2 | 2021-04-26
IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 198836.
- CVE-2021-21361 | MEDIUM | CVSS 5.3 | EG 5.3 | 2021-03-09
The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive…
- CVE-2021-21508 | MEDIUM | CVSS 6.7 | EG 6.7 | 2026-05-22
Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to …
- CVE-2021-21546 | HIGH | CVSS 7.8 | EG 7.8 | 2021-07-29
Dell EMC NetWorker versions 18.x, 19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read pla…
- CVE-2021-21558 | HIGH | CVSS 8.2 | EG 8.2 | 2021-06-08
Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x, 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local l…