Vulnerability Description: Insertion of Sensitive Information into Log File - CWE-532
Software Version: R14.2
NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-39821
CVSv3: 7.5
Severity: High
Credits: Luca Carbone, Fabio Romano, Stefano Scipioni, Massimiliano Brolli
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem.