CVE-2019-10212

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
Configurations

Configuration 1

cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_fuse:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

Information

Published : 2019-10-02 07:15

Updated : 2022-02-20 06:20


NVD link : CVE-2019-10212

Mitre link : CVE-2019-10212

CWE
CWE-532

Insertion of Sensitive Information into Log File