CVE-2022-38756

MEDIUM Year: 2022
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-532
View all →

Vulnerability Description

A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.

Related Vulnerabilities

CVE-2016-2928

MEDIUM
CVSS:4.3(Medium)

IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs.

CWE-5322016

CVE-2016-8912

MEDIUM
CVSS:4.3(Medium)

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.

CWE-5322016

CVE-2017-1480

MEDIUM
CVSS:4.3(Medium)

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617...

CWE-5322017

CVE-2017-1727

MEDIUM
CVSS:4.3(Medium)

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.

CWE-5322017

CVE-2019-4286

MEDIUM
CVSS:4.3(Medium)

IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514.

CWE-5322019

CVE-2019-5634

MEDIUM
CVSS:4.3(Medium)

An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and dire...

CWE-5322019