AxxonSoft Axxon One and AxxonNet Insertion of Sensitive Information into Log File Vulnerability

Vulnerability

A vulnerability exists in the ARP Agent component of AxxonSoft Axxon One and AxxonNet versions 2.0.4 and earlier on Windows. This vulnerability involves the insertion of sensitive information into log files, specifically plaintext credentials. A local attacker can exploit this issue by accessing TRACE log files that contain serialized JSON with passwords.

Impact

Exploitation of this vulnerability allows for the unauthorized retrieval of plaintext passwords from the application's log files.

Remediation

Users are advised to update to AxxonCloud version 3.15.0 or later. For Axxon One, version 2.0.8 or later should be installed. Additionally, avoid enabling TRACE logging in production environments unless necessary for debugging, and rotate credentials if TRACE logging was previously active.
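
To decide which credentials need rotating, retained TRACE logs can be audited for password-like fields inside serialized JSON. The following is an added example, not AxxonSoft code: the log line format, the key-name pattern and the sample lines are assumptions, since the advisory does not publish them. It reports only line numbers and key paths, never the values.

```python
import json
import re

# Assumption: key names that indicate a password; the advisory does not list the real fields.
SECRET_KEY = re.compile(r"passw(or)?d|pwd", re.IGNORECASE)
_DECODER = json.JSONDecoder()


def _secret_paths(node, path=""):
    """Yield key paths whose name looks like a password and whose value is a non-empty string."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if isinstance(value, str) and value and SECRET_KEY.search(key):
                yield here
            else:
                yield from _secret_paths(value, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from _secret_paths(item, f"{path}[{i}]")


def scan_lines(lines):
    """Return (line_number, key_path) findings; the secret values are never returned."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        pos = line.find("{")
        while pos != -1:
            try:
                obj, end = _DECODER.raw_decode(line, pos)
            except json.JSONDecodeError:
                pos = line.find("{", pos + 1)  # not JSON at this brace, try the next one
                continue
            findings.extend((lineno, p) for p in _secret_paths(obj))
            pos = line.find("{", end)  # continue after the object just parsed
    return findings


# Constructed sample lines (format and field names are made up for illustration).
SAMPLE = [
    '2025-01-01 10:00:00 TRACE request {"user": "admin", "password": "EXAMPLE-ONLY"}',
    '2025-01-01 10:00:01 INFO  heartbeat {ok}',
    '2025-01-01 10:00:02 TRACE cfg {"proxy": {"login": "svc", "Password": "EXAMPLE-ONLY"}, "n": 1}',
    '2025-01-01 10:00:03 TRACE cfg {"password": ""}',
]

if __name__ == "__main__":
    for lineno, key_path in scan_lines(SAMPLE):
        print(f"line {lineno}: plaintext value under key '{key_path}'")
```

Any account whose key path appears in a finding should be treated as exposed and rotated; log files that produced findings should be purged or access-restricted after the upgrade.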

Added: Sep 10, 2025, 1:21 PM
Updated: Sep 10, 2025, 1:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.3
remediation: 0.0
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.