CVE-2022-28625

MEDIUM Year: 2022
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-532
View all →

Vulnerability Description

A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView.

Related Vulnerabilities

CVE-2014-3536

MEDIUM
CVSS:5.5(Medium)

CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration

CWE-5322014

CVE-2015-3243

MEDIUM
CVSS:5.5(Medium)

rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.

CWE-5322015

CVE-2016-4443

MEDIUM
CVSS:5.5(Medium)

Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.

CWE-5322016

CVE-2016-5967

MEDIUM
CVSS:5.5(Medium)

The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users to discover the WAS Admin password by reading IM native logs.

CWE-5322016

CVE-2016-9985

MEDIUM
CVSS:5.5(Medium)

IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information in log files that could be read by a local user. IBM Reference #: 1999671.

CWE-5322016

CVE-2017-2592

MEDIUM
CVSS:5.5(Medium)

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error messa...

CWE-5322017