CVE-2020-6317

LOW Year: 2020
CVSS v3 Score
2.6
Low
CVSS v2 Score
2.7
Low
Weakness Type
CWE-532
View all →

Vulnerability Description

In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0.

Related Vulnerabilities

CVE-2017-18412

LOW
CVSS:2.5(Low)

cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).

CWE-5322017

CVE-2017-18426

LOW
CVSS:2.7(Low)

cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).

CWE-5322017

CVE-2019-4706

LOW
CVSS:2.7(Low)

IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information....

CWE-5322019

CVE-2021-39900

LOW
CVSS:2.7(Low)

Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs.

CWE-5322021

CVE-2024-23760

LOW
CVSS:2.7(Low)

Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.

CWE-5322024

CVE-2024-28830

LOW
CVSS:2.7(Low)

Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p7, <2.2.0p28, <2.1.0p45 and <=2.0.0p39 (EOL) causes automation user secrets to be written to audit log files ...

CWE-5322024