CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS
Percentile
15.7%
Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before
7.0.17, when the MemoryUserDatabase is used, creates log entries containing
passwords upon encountering errors in JMX user creation, which allows local
users to obtain sensitive information by reading a log file.