CVE-2024-22356

MEDIUM Year: 2024
CVSS v3 Score
4.9
Medium
Weakness Type
CWE-117
View all →

Vulnerability Description

IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.9.0 and IBM Integration Bus for z/OS 10.1 through 10.1.0.2store potentially sensitive information in log or trace files that could be read by a privileged user. IBM X-Force ID: 280893.

Related Vulnerabilities

CVE-2023-36924

MEDIUM
CVSS:4.9(Medium)

While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin priv...

CWE-1172023

CVE-2025-41429

LOW
CVSS:4.8(Medium)

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session.

CWE-1172025

CVE-2019-10213

MEDIUM
CVSS:5.3(Medium)

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read...

CWE-1172019

CVE-2019-14854

MEDIUM
CVSS:5.3(Medium)

OpenShift Container Platform 4 does not sanitize secret data written to static pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to d...

CWE-1172019

CVE-2020-4072

MEDIUM
CVSS:5.3(Medium)

In generator-jhipster-kotlin version 1.6.0 log entries are created for invalid password reset attempts. As the email is provided by a user and the api is public this can be used by an attacker to forg...

CWE-1172020

CVE-2021-20333

MEDIUM
CVSS:5.3(Medium)

Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6...

CWE-1172021