How severe is CVE-2024-29954?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-29954?

This is classified as CWE-312, which is a common weakness in software security.

CVE-2024-29954 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line.

Related Vulnerabilities

CVE-2002-1696

MEDIUM

CVSS:5.5(Medium)

Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Alwa...

CWE-3122002

CVE-2005-2209

MEDIUM

CVSS:5.5(Medium)

Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.

CWE-3122005

CVE-2008-1567

MEDIUM

CVSS:5.5(Medium)

phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive info...

CWE-3122008

CVE-2009-1466

MEDIUM

CVSS:5.5(Medium)

Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file.

CWE-3122009

CVE-2011-2916

MEDIUM

CVSS:5.5(Medium)

qtnx 0.9 stores non-custom SSH keys in a world-readable configuration file. If a user has a world-readable or world-executable home directory, another local system user could obtain the private key us...

CWE-3122011

CVE-2015-1931

MEDIUM

CVSS:5.5(Medium)

IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores pla...

CWE-3122015