{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-17T05:42:04.188","vulnerabilities":[{"cve":{"id":"CVE-2024-3165","sourceIdentifier":"security@dotcms.com","published":"2024-04-01T22:15:23.080","lastModified":"2025-06-27T14:06:33.077","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment.  \n\nOWASP Top 10 - A05) Insecure Design\n\nOWASP Top 10 - A05) Security Misconfiguration\n\nOWASP Top 10 - A09) Security Logging and Monitoring Failure"},{"lang":"es","value":"System->Maintenance-> Log Files en el panel de dotCMS proporciona el nombre de usuario/contraseña para las conexiones de la base de datos en la salida del registro. Sin embargo, este es un problema moderado, ya que requiere un administrador de backend y que las bases de datos estén bloqueadas por el entorno. OWASP Top 10 - A05) Diseño inseguro OWASP Top 10 - A05) Configuración incorrecta de seguridad OWASP Top 10 - A09) Fallo de registro y monitoreo de seguridad"}],"metrics":{"cvssMetricV31":[{"source":"security@dotcms.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N","baseScore":4.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@dotcms.com","type":"Secondary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*","versionStartIncluding":"22.02","versionEndExcluding":"22.03.15","matchCriteriaId":"B8156D65-B011-4B9A-BF2E-F7F3CCFA8BD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*","versionStartIncluding":"23.01","versionEndExcluding":"23.01.15","matchCriteriaId":"4513A2EB-037F-4037-B4F7-44B8AECB407A"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*","versionStartIncluding":"23.02","versionEndIncluding":"23.09.7","matchCriteriaId":"E85B4224-34E8-47CD-8F08-8B129868AF1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:1:*:*:lts:*:*:*","matchCriteriaId":"33DBCA2A-D4E2-4AE6-B6E0-FD0A277266F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:2:*:*:lts:*:*:*","matchCriteriaId":"342C11DD-7760-42AE-8670-4461ECB51E4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:3:*:*:lts:*:*:*","matchCriteriaId":"90B73A81-7202-4B0B-822B-4F2EE4480663"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:4:*:*:lts:*:*:*","matchCriteriaId":"0BFA7220-B846-451B-A7B2-C3DC87767575"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:5:*:*:lts:*:*:*","matchCriteriaId":"258813CA-66A7-4DCA-883D-884FB88430DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:6:*:*:lts:*:*:*","matchCriteriaId":"E69C8B72-A38C-4D97-83BB-DCE392D3ABD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:23.10.24:7:*:*:lts:*:*:*","matchCriteriaId":"B5309F19-2D65-4E87-87FD-2A0294008FF5"}]}]}],"references":[{"url":"https://github.com/dotCMS/core/issues/27910","source":"security@dotcms.com","tags":["Issue Tracking"]},{"url":"https://github.com/dotCMS/core/pull/28006","source":"security@dotcms.com","tags":["Issue Tracking"]},{"url":"https://www.dotcms.com/security/SI-70","source":"security@dotcms.com","tags":["Broken Link"]},{"url":"https://github.com/dotCMS/core/issues/27910","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://github.com/dotCMS/core/pull/28006","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://www.dotcms.com/security/SI-70","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]}]}}]}