CVEbaza.plSłownik CWECWE-778
Common Weakness Enumeration

CWE-778

Insufficient Logging

Kategoria: BaseCVE: 24
Opis

Gdy wystąpi zdarzenie krytyczne dla bezpieczeństwa, produkt albo nie rejestruje zdarzenia, albo pomija ważne szczegóły dotyczące tego zdarzenia podczas logowania. Skutkuje to brakiem możliwości śledzenia i analizy incydentów bezpieczeństwa.

Description (EN)

When a security-critical event occurs, the product either does not record the event or omits important details about the event when logging it.

Podatności CVE z CWE-778 (24)
10.0
CVSS
CRITICAL
CVE-2024-48967

Respiratory (wentylatory medyczne) oraz powiązane z nimi komputery serwisowe (Service PC) nie posiadają wystarczających możliwości rejestrowania zdarzeń audytowych, co uniemożliwia wykrycie złośliwej aktywności. Podatność jest oceniana jako krytyczna (CVSS 10.0) ze względu na brak jakichkolwiek barier wykrywania nieautoryzowanych działań na urządzeniach podtrzymujących życie.

pub. 2024-11-14
8.8
CVSS
HIGH
CVE-2026-32693

In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updating other secrets. When the "secret-set" tool logs an error in an exploitation attempt, the secret is still updated contrary to expectations, and the new value is visible to both the owner and the grantee.

pub. 2026-03-18
7.5
CVSS
HIGH
CVE-2021-43419

An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26 and maybe be higher in the logcat app.

pub. 2023-11-07
7.5
CVSS
HIGH
CVE-2019-7613

Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event.

pub. 2019-03-25
6.5
CVSS
MEDIUM
CVE-2019-19277

A vulnerability has been identified in SIPORT MP (All versions < 3.1.4). Vulnerable versions of the device allow the creation of special accounts ("service users") with administrative privileges that could enable a remote authenticated attacker to perform actions that are not visible to other users of the system, such as granting persons access to a secured area.

pub. 2020-03-10
6.3
CVSS
MEDIUM
CVE-2026-25598

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action (Community Tier) that allows outbound network connections to evade audit logging. Specifically, outbound traffic using the sendto, sendmsg, and sendmmsg socket system calls can bypass detection and logging when using egress-policy: audit. This vulnerability is fixed in 2.14.2.

pub. 2026-02-09
5.8
CVSS
MEDIUM
CVE-2025-52644

HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could potentially impact monitoring, accountability, or incident investigation processes.

pub. 2026-03-16
5.4
CVSS
MEDIUM
CVE-2025-32967

OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrators from auditing critical actions. This weakens traceability and opens the system to undetectable misuse by insiders or attackers. Version 7.0.3.4 contains a patch for the issue.

pub. 2025-05-23
5.4
CVSS
MEDIUM
CVE-2025-2562

Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via the use of the autotyping functionality. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29.

pub. 2025-03-26
5.3
CVSS
MEDIUM
CVE-2026-3494

In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.

pub. 2026-03-03
5.3
CVSS
MEDIUM
CVE-2025-53498

Insufficient Logging vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Data Leakage Attacks.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2.

pub. 2025-07-07
5.3
CVSS
MEDIUM
CVE-2023-1995

Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W , before 09-66-/Q ; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.

pub. 2023-08-29
5.1
CVSS
MEDIUM
CVE-2024-10863

: Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.This issue affects Secure Content Manager: from 10.1 before <24.4. End-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side.

pub. 2024-11-22
4.3
CVSS
MEDIUM
CVE-2026-22279

Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficient logging vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information tampering.

pub. 2026-01-22
4.3
CVSS
MEDIUM
CVE-2025-66552

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed in Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1.

pub. 2025-12-05
4.3
CVSS
MEDIUM
CVE-2024-2291

In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered.  An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly.

pub. 2024-03-20
4.3
CVSS
MEDIUM
CVE-2022-25783

Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.

pub. 2022-05-04
4.3
CVSS
MEDIUM
CVE-2021-33689

When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log Integrity is impacted.

pub. 2021-07-14
4.3
CVSS
MEDIUM
CVE-2019-19295

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) does not enforce logging of security-relevant activities in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to perform covert actions that are not visible in the application log.

pub. 2020-03-10
3.7
CVSS
LOW
CVE-2022-30305

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.

pub. 2022-12-06
Pokazano 20 z 24 podatności
Informacje
ID: CWE-778
Typ: Base
Podatności: 24
MITRE CWE ↗
← Słownik CWE
CWE-778 — Niewystarczające logowanie | Słownik CWE | CVEbaza.pl