3.3

CVE-2023-45585

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version  6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.

Data is provided by the National Vulnerability Database (NVD)
FortinetFortisiem Version >= 5.3.0 <= 5.3.3
FortinetFortisiem Version >= 6.7.0 <= 6.7.6
FortinetFortisiem Version5.4.0
FortinetFortisiem Version6.1.0
FortinetFortisiem Version6.1.1
FortinetFortisiem Version6.1.2
FortinetFortisiem Version6.2.0
FortinetFortisiem Version6.2.1
FortinetFortisiem Version6.3.0
FortinetFortisiem Version6.3.1
FortinetFortisiem Version6.3.2
FortinetFortisiem Version6.3.3
FortinetFortisiem Version6.4.0
FortinetFortisiem Version6.4.1
FortinetFortisiem Version6.4.2
FortinetFortisiem Version6.5.0
FortinetFortisiem Version6.5.1
FortinetFortisiem Version6.6.0
FortinetFortisiem Version6.6.1
FortinetFortisiem Version6.6.2
FortinetFortisiem Version6.6.3
FortinetFortisiem Version7.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.05% 0.162
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
psirt@fortinet.com 2.3 0.8 1.4
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.