CVE-2019-6656

HIGH Year: 2019
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-532
View all →

Vulnerability Description

BIG-IP APM Edge Client before version 7.1.8 (7180.2019.508.705) logs the full apm session ID in the log files. Vulnerable versions of the client are bundled with BIG-IP APM versions 15.0.0-15.0.1, 14,1.0-14.1.0.6, 14.0.0-14.0.0.4, 13.0.0-13.1.1.5, 12.1.0-12.1.5, and 11.5.1-11.6.5. In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated independently from BIG-IP software. Client version 7.1.8 (7180.2019.508.705) and later has the fix.

Related Vulnerabilities

CVE-2012-1156

HIGH
CVSS:7.5(High)

Moodle before 2.2.2 has users' private files included in course backups

CWE-5322012

CVE-2013-1771

HIGH
CVSS:7.5(High)

The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo.

CWE-5322013

CVE-2015-8977

HIGH
CVSS:7.5(High)

MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.

CWE-5322015

CVE-2016-0875

HIGH
CVSS:7.5(High)

Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL.

CWE-5322016

CVE-2016-0879

HIGH
CVSS:7.5(High)

Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive informatio...

CWE-5322016

CVE-2016-6799

HIGH
CVSS:7.5(High)

Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a se...

CWE-5322016