CVE-2023-45585

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-45585

2.3 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

A

n insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.

References
Link Resource
https://fortiguard.com/psirt/FG-IR-23-392 Vendor Advisory
https://fortiguard.com/psirt/FG-IR-23-392 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.3.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.3.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.6.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.6.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:6.6.3:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisiem:7.0.0:*:*:*:*:*:*:*
History

21 Nov 2024, 08:27

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 3.3 		v2 : unknown
v3 : 2.3
References () https://fortiguard.com/psirt/FG-IR-23-392 - Vendor Advisory () https://fortiguard.com/psirt/FG-IR-23-392 - Vendor Advisory
Information

Published : 2023-11-14 18:15

Updated : 2024-11-21 08:27

NVD link : CVE-2023-45585

Mitre link : CVE-2023-45585

CVE.ORG link : CVE-2023-45585

JSON object : View

Products Affected

fortinet

CWE
CWE-532

Insertion of Sensitive Information into Log File