CVE-2024-8264

EPSS 0.18%
Veröffentlicht 09.10.2024 23:15:11
Zuletzt bearbeitet 17.10.2024 14:06:39
Quelle df4dee71-de3a-4139-9588-11b62f
CVE-Watchlists
Login
Unerledigt
Login

Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05

Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fortra ≫ Robot Schedule SwEditionenterprise Version >= 1.24 < 3.05

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.077

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
df4dee71-de3a-4139-9588-11b62fe6c0ff	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm

Release Notes

https://www.fortra.com/security/advisories/product-security/fi-2024-012

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-8264

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-8264

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-8264

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-8264