How severe is CVE-2021-3032?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2021-3032?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2021-3032 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server profiles can be logged to the logrcvr.log system log. Logged information may include up to 1024 bytes of the configuration including the username and password in an encrypted form and private keys used in any certificate profiles set for log forwarding server profiles. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.18; PAN-OS 9.0 versions earlier than PAN-OS 9.0.12; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1.

Related Vulnerabilities

CVE-2017-1795

MEDIUM

CVSS:4.4(Medium)

IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.

CWE-5322017

CVE-2018-16859

MEDIUM

CVSS:4.4(Medium)

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user wi...

CWE-5322018

CVE-2018-1788

MEDIUM

CVSS:4.4(Medium)

IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873.

CWE-5322018

CVE-2018-2440

MEDIUM

CVSS:4.4(Medium)

Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs.

CWE-5322018

CVE-2019-4225

MEDIUM

CVSS:4.4(Medium)

IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.

CWE-5322019

CVE-2019-4284

MEDIUM

CVSS:4.4(Medium)

IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as anothe...

CWE-5322019