CVE-2024-9621

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Oct 8, 2024
Updated: Oct 10, 2024
CWE ID 532

Summary

CVE-2024-9621 is a vulnerability in Quarkus CXF in which passwords and other sensitive information can appear in application logs despite user configuration intended to conceal them. The issue arises only under specific conditions, including enabled SOAP logging and certain client and endpoint logging properties, and exploitation requires that the attacker have access to the application log. The vulnerability is rated medium severity (CVSS score of 5.3) with a high confidentiality impact, because sensitive data may be exposed. To remediate it, users should review their logging configurations, disable SOAP logging when it is not necessary, and restrict access to application logs. Organizations using affected versions of Quarkus CXF should take immediate action to mitigate the risk of unauthorized data exposure.
