CVE-2024-22464

MEDIUM Year: 2024
CVSS v3 Score
6.8
Medium
Weakness Type
CWE-532
View all →

Vulnerability Description

Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.

Related Vulnerabilities

CVE-2021-43271

MEDIUM
CVSS:6.8(Medium)

Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) log...

CWE-5322021

CVE-2024-22440

MEDIUM
CVSS:6.8(Medium)

A potential security vulnerability has been identified in HPE Compute Scale-up Server 3200 server. This vulnerability could cause disclosure of sensitive information in log files.

CWE-5322024

CVE-2024-27156

MEDIUM
CVSS:6.8(Medium)

The session cookies, used for authentication, are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authenticat...

CWE-5322024

CVE-2024-27157

MEDIUM
CVSS:6.8(Medium)

The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affecte...

CWE-5322024

CVE-2024-32757

MEDIUM
CVSS:6.8(Medium)

Under certain circumstances unnecessary user details are provided within system logs

CWE-5322024

CVE-2025-25002

MEDIUM
CVSS:6.8(Medium)

Insertion of sensitive information into log file in Azure Local Cluster allows an authorized attacker to disclose information over an adjacent network.

CWE-5322025