How severe is CVE-2017-5153?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2017-5153?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2017-5153 - HIGH Severity | CVSS 7.8

Vulnerability Description

An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials.

Related Vulnerabilities

CVE-2018-1000018

HIGH

CVSS:7.8(High)

An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.

CWE-5322018

CVE-2018-1075

HIGH

CVSS:7.8(High)

ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. When engine-setup was run and one chooses to provision the database manually or connect t...

CWE-5322018

CVE-2018-1768

HIGH

CVSS:7.8(High)

IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an ins...

CWE-5322018

CVE-2018-6971

HIGH

CVSS:7.8(High)

VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the current...

CWE-5322018

CVE-2019-0004

HIGH

CVSS:7.8(High)

On Juniper ATP, the API key and the device key are logged in a file readable by authenticated local users. These keys are used for performing critical operations on the WebUI interface. This issue aff...

CWE-5322019

CVE-2019-0029

HIGH

CVSS:7.8(High)

Juniper ATP Series Splunk credentials are logged in a file readable by authenticated local users. Using these credentials an attacker can access the Splunk server. This issue affects Juniper ATP 5.0 v...

CWE-5322019