CVE-2024-13416

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-532
View all →

Vulnerability Description

Using API in the 2N OS device, authorized user can enable logging, which discloses valid authentication tokens in system log. 2N has released an updated version 2.46 of 2N OS, where this vulnerability is mitigated. It is recommended that all customers update their devices to the latest 2N OS.

Related Vulnerabilities

CVE-2016-2928

MEDIUM
CVSS:4.3(Medium)

IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to obtain sensitive information by reading error logs.

CWE-5322016

CVE-2016-8912

MEDIUM
CVSS:4.3(Medium)

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.

CWE-5322016

CVE-2017-1480

MEDIUM
CVSS:4.3(Medium)

IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617...

CWE-5322017

CVE-2017-1727

MEDIUM
CVSS:4.3(Medium)

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive information in error messages that could aid an attacker in further attacks against the system. IBM X-Force ID: 134869.

CWE-5322017

CVE-2019-4286

MEDIUM
CVSS:4.3(Medium)

IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly senstiive user information to an authenticated user with physical access to the device. IBM X-Force ID: 160514.

CWE-5322019

CVE-2019-5634

MEDIUM
CVSS:4.3(Medium)

An inclusion of sensitive information in log files vulnerability is present in Hickory Smart for Android mobile devices from Belwith Products, LLC. Communications to the internet API services and dire...

CWE-5322019