CVE-2024-57957
CVE-2024-57957
In short
The UI framework doesn't properly control what information gets logged, potentially exposing sensitive data in log files that shouldn't be there. This can allow attackers to access confidential information if they gain access to logs.
Technical detail
CWE-657 (Improper Control of Dynamically-Managed Code Resources) manifests in the UI framework module where sensitive information is inadequately sanitized before being written to logs. Exploitation requires access to log files; successful attacks may lead to unauthorized disclosure of confidential data affecting service confidentiality.
Summary generated and translated by AI from the official description.
Vulnerability of improper log information control in the UI framework module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Huawei · HarmonyOSWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →