CWE-778 25 個 CVE MITRE 定義 ↗

CWE-778:Insufficient Logging

概覽

CWE-778(Insufficient Logging)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

When a security-critical event occurs, the product either does not record the event or omits important details about the event when logging it.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Cloud Computing Undetermined
technology Not Technology-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-9247 2026-05-22 Insufficient logging in the entry export feature in Devolutions Server allows an authenticated user with export permissions to export a sealed entry without triggering the unseal notification to admin…
CVE-2026-32803 2026-05-08 Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privilege…
CVE-2026-32693 2026-03-18 In Juju from version 3.0.0 through 3.6.18, the authorization of the "secret-set" tool is not performed correctly, which allows a grantee to update the secret content, and can lead to reading or updati…
CVE-2025-52644 2026-03-16 HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user activities and could …
CVE-2026-3494 2026-03-03 In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated databa…
CVE-2026-25598 2026-02-09 Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Prior to 2.14.2, a security vulnerability has been identified in the Harden-Runner GitHub Action (Community T…
CVE-2026-22279 2026-01-22 Dell PowerScale OneFS, versions prior 9.13.0.0, contains an insufficient logging vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to …
CVE-2025-66552 2025-12-05 Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the admin_audit app to n…
CVE-2025-53498 2025-07-07 Insufficient Logging vulnerability in Wikimedia Foundation Mediawiki - AbuseFilter Extension allows Data Leakage Attacks.This issue affects Mediawiki - AbuseFilter Extension: from 1.43.X before 1.43.2…
CVE-2025-32967 2025-05-23 OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded…
CVE-2025-2562 2025-03-26 Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via …
CVE-2024-10863 2024-11-22 : Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.This issue affects Secure Content Manager: from 10.1 before <24.4. End-users can pot…
CVE-2024-48967 2024-11-14 The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator…
CVE-2024-2291 2024-03-20 In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered.  An authentica…
CVE-2024-24901 2024-03-04 Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messa…
CVE-2021-43419 2023-11-07 An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26 and maybe be higher in the logcat app.
CVE-2023-1995 2023-08-28 Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-2…
CVE-2022-30305 2022-12-06 An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3…
CVE-2022-31120 2022-08-04 Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events …
CVE-2022-25783 2022-05-04 Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2009-07-02
版本
1.5

內容修訂

日期 名稱 版本 重要性 評論
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated References
2017-11-08 CWE Content Team 3.0 updated Modes_of_Introduction, Relationships
2018-03-27 CWE Content Team 3.1 updated Relationships
2020-02-24 CWE Content Team 4.0 updated Relationships
2020-08-20 CWE Content Team 4.2 updated Relationships
2021-10-28 CWE Content Team 4.6 updated Relationships
2022-10-13 CWE Content Team 4.9 updated Demonstrative_Examples, Potential_Mitigations
2023-01-31 CWE Content Team 4.10 updated Applicable_Platforms, Demonstrative_Examples, Description, Potential_Mitigations, References
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-04-03 CWE Content Team 4.17 updated Relationships
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Relationships, Weakness_Ordinalities

貢獻

類型 名稱 日期 評論
Content 2009-07-02 Provided code example and additional information for description and consequences.
Content Drew Buttner 2022-08-15 Suggested a new demonstrative example and changes to the mitigations.
cvelogic Threat Intelligence