How severe is CVE-2017-12315?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6 out of 10.

What type of vulnerability is CVE-2017-12315?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2017-12315

MEDIUM Year: 2017

CVSS v3 Score

6.0

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-200

View all →

Vulnerability Description

A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to lack of proper masking of sensitive information in system log files. An attacker could exploit this vulnerability by authenticating to the targeted device and viewing the system log file. An exploit could allow the attacker to view sensitive system information that should have been restricted. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvg31472.

CVE-2011-2707

MEDIUM

CVSS:6.0(Medium)

The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Linux kernel before 3.1 does not validate user-space pointers, which allows local users to obtain sensitive information from kernel m...

CWE-2002011

CVE-2016-9103

MEDIUM

CVSS:6.0(Medium)

The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before wri...

CWE-2002016

CVE-2018-12158

MEDIUM

CVSS:6.0(Medium)

Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosur...

CWE-2002018

CVE-2021-21512

MEDIUM

CVSS:6.0(Medium)

Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulne...

CWE-2002021

CVE-2022-23509

MEDIUM

CVSS:6.0(Medium)

Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchron...

CWE-2002022

CVE-2022-35169

MEDIUM

CVSS:6.0(Medium)

SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling ...

CWE-2002022

CVE-2017-12315

Vulnerability Description

Related Vulnerabilities

CVE-2011-2707

CVE-2016-9103

CVE-2018-12158

CVE-2021-21512

CVE-2022-23509

CVE-2022-35169