CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-38321 – IBM Business Automation Workflow information disclosure
https://notcve.org/view.php?id=CVE-2024-38321
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294868 https://www.ibm.com/support/pages/node/7162334 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42349 – FOG has a Log Information Disclosure
https://notcve.org/view.php?id=CVE-2024-42349
FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. • https://github.com/FOGProject/fogproject/security/advisories/GHSA-697m-3c4p-g29h • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42348 – FOG leaks sensitive information (AD domain, username and password)
https://notcve.org/view.php?id=CVE-2024-42348
FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. • https://github.com/FOGProject/fogproject/security/advisories/GHSA-456c-4gw3-c9xw • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 2.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23600 – PingIDM Query Filter Vulnerability
https://notcve.org/view.php?id=CVE-2024-23600
Improper Input Validation of query search results for private field data in PingIDM OPENIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure. Improper Input Validation of query search results for private field data in PingIDM (Query Filter module) allows for a potentially efficient brute forcing approach leading to information disclosure. • https://backstage.forgerock.com/docs/idcloud/latest/release-notes/regular-channel-changelog.html#changed_functionality https://backstage.forgerock.com/knowledge/kb/article/a95212747 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28972
https://notcve.org/view.php?id=CVE-2024-28972
An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure. • https://www.dell.com/support/kbdoc/en-us/000226567/dsa-2024-211-security-update-for-a-dell-insightiq-broken-or-risky-cryptographic-algorithm-vulnerability • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •