Insertion of Sensitive Information into Log File
NetApp Cloud Manager versions prior to 3.9.9 log sensitive information when an Active Directory connection fails. The logged information is available only to authenticated users. Customers with auto-upgrade enabled should already be on a fixed version while customers using on-prem connectors with auto-upgrade disabled are advised to upgrade to a fixed version.
CWE-532 - Insertion of Sensitive Information into Log File
It's quite common for applications to save logs. For example, whenever a user requests a resource from a particular website, the web server writes information about the request to a log file. These files are helpful for identifying abnormal system activity, bugs, and evaluating the security controls of the application. Security of log files is critical for the overall security of the application and its confidential resources. An application that lacks appropriate logging levels can expose sensitive user data and system information stored on the log files to malicious users. This info can be exploited to compromise your system.