PT-2018-4627 · Oracle · Mysql Server

Publicado

2018-03-29

Atualizado

2021-09-09

CVE-2016-0898

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MySQL for PCF tiles versions 1.7.x before 1.7.10

Description A issue was discovered where the AWS access key is logged in plaintext. These credentials are logged to the Service Backup component logs, not the system log, and are not exposed outside the Service Backup VM.

Recommendations For versions 1.7.x before 1.7.10, update to version 1.7.10 or later to prevent the AWS access key from being logged in plaintext.

Correção

Insertion into Log File

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-255CWE-532

Identificadores relacionados

CVE-2016-0898

Produtos afetados

Mysql Server

PT-2018-4627 · Oracle · Mysql Server

CVE-2016-0898

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4