How severe is CVE-2020-3281?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2020-3281?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2020-3281 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

A vulnerability in the audit logging component of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.

Related Vulnerabilities

CVE-2016-2928

MEDIUM

CVSS:4.3(Medium)

IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs.

CWE-5322016

CVE-2016-8912

MEDIUM

CVSS:4.3(Medium)

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.

CWE-5322016

CVE-2017-1480

MEDIUM

CVSS:4.3(Medium)

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617...

CWE-5322017

CVE-2017-1727

MEDIUM

CVSS:4.3(Medium)

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.

CWE-5322017

CVE-2019-4286

MEDIUM

CVSS:4.3(Medium)

IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514.

CWE-5322019

CVE-2019-5634

MEDIUM

CVSS:4.3(Medium)

An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and dire...

CWE-5322019