CVE-2023-21387

MEDIUM Year: 2023
CVSS v3 Score
4.4
Medium
Weakness Type
CWE-532
View all →

Vulnerability Description

In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.

Related Vulnerabilities

CVE-2017-1795

MEDIUM
CVSS:4.4(Medium)

IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.

CWE-5322017

CVE-2018-16859

MEDIUM
CVSS:4.4(Medium)

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user wi...

CWE-5322018

CVE-2018-1788

MEDIUM
CVSS:4.4(Medium)

IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873.

CWE-5322018

CVE-2018-2440

MEDIUM
CVSS:4.4(Medium)

Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs.

CWE-5322018

CVE-2019-4225

MEDIUM
CVSS:4.4(Medium)

IBM PureApplication System 2.2.3.0 through 2.2.5.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 159242.

CWE-5322019

CVE-2019-4284

MEDIUM
CVSS:4.4(Medium)

IBM Cloud Private 2.1.0 , 3.1.0, 3.1.1, and 3.1.2 could allow a local privileged user to obtain sensitive OIDC token that is printed to log files, which could be used to log in to the system as anothe...

CWE-5322019