How severe is CVE-2019-5634?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2019-5634?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2019-5634 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and direct connections to the lock via Bluetooth Low Energy (BLE) from the mobile application are logged in a debug log on the Android device at HickorySmartLog/Logs/SRDeviceLog.txt. This information was found stored in the Android device's default USB or SDcard storage paths and is accessible without rooting the device. This issue affects Hickory Smart for Android, version 01.01.43 and prior versions.

Related Vulnerabilities

CVE-2016-2928

MEDIUM

CVSS:4.3(Medium)

IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs.

CWE-5322016

CVE-2016-8912

MEDIUM

CVSS:4.3(Medium)

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.

CWE-5322016

CVE-2017-1480

MEDIUM

CVSS:4.3(Medium)

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617...

CWE-5322017

CVE-2017-1727

MEDIUM

CVSS:4.3(Medium)

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.

CWE-5322017

CVE-2019-4286

MEDIUM

CVSS:4.3(Medium)

IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514.

CWE-5322019

CVE-2020-11646

MEDIUM

CVSS:4.3(Medium)

A log information disclosure vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to view log information reserved...

CWE-5322020