CVE-2024-6060 CRITICAL

CVE-2024-6060

Vendor Phloc
Product Webscopes
Weakness CWE-532 · Sensitive info in logs
Published June 25, 2024
Last update December 30, 2025

CVSS base score

9.3/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/AU:N/R:U/V:C/RE:M/U:Red

What the vulnerability does

01Description

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.

Key dates

02Disclosure timeline

June 25, 2024 CVE published
December 30, 2025 Record updated