CVE-2024-8609
7.5 HIGHInsertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information
Published: 2024-09-27 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-532
Affected products
| Vendor | Product |
|---|---|
| oceanicsoft | valeapp |
Description
Insertion of Sensitive Information into Log File vulnerability in Oceanic Software ValeApp allows Query System for Information. This issue affects ValeApp: before v2.0.0.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2024-8644 — Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hij... (7.5 HIGH)
- CVE-2024-8643 — Session Fixation vulnerability in Oceanic Software ValeApp allows Brute Force, Session Hijacking (9.8 CRITICAL)
- CVE-2024-8608 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp all... (5.4 MEDIUM)
- CVE-2024-8607 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oceanic Software ValeApp allows SQL... (9.8 CRITICAL)
Same CWE
- CVE-2025-46313 — A logging issue was addressed with improved data redaction (5.5 MEDIUM)
- CVE-2026-0267 — An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured p...
- CVE-2026-9751 — The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in p... (5.5 MEDIUM)
- CVE-2026-9735 — MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication (5.5 MEDIUM)
- CVE-2026-45581 — fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs (5.5 MEDIUM)