How severe is CVE-2024-3165?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.5 out of 10.

What type of vulnerability is CVE-2024-3165?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2024-3165 - MEDIUM Severity | CVSS 4.5

Vulnerability Description

System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. OWASP Top 10 - A05) Insecure Design OWASP Top 10 - A05) Security Misconfiguration OWASP Top 10 - A09) Security Logging and Monitoring Failure

Related Vulnerabilities

CVE-2020-12023

MEDIUM

CVSS:4.5(Medium)

Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user crede...

CWE-5322020

CVE-2020-6224

MEDIUM

CVSS:4.5(Medium)

SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files...

CWE-5322020

CVE-2024-5557

MEDIUM

CVSS:4.5(Medium)

CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs.

CWE-5322024

CVE-2017-1795

MEDIUM

CVSS:4.4(Medium)

IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local user to obtain highly sensitive information via trace logs in IBM WebSphere MQ Managed File Transfer. IBM X-Force ID: 137042.

CWE-5322017

CVE-2018-16859

MEDIUM

CVSS:4.4(Medium)

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. A local user wi...

CWE-5322018

CVE-2018-1788

MEDIUM

CVSS:4.4(Medium)

IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. IBM X-Force ID: 148873.

CWE-5322018