An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-23-392 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2023-11-14T18:05:44.008Z
Updated: 2024-08-30T18:12:40.795Z
Reserved: 2023-10-09T08:01:29.296Z
Link: CVE-2023-45585
Vulnrichment
Updated: 2024-08-02T20:21:16.654Z
NVD
Status : Modified
Published: 2023-11-14T18:15:55.617
Modified: 2024-11-21T08:27:00.600
Link: CVE-2023-45585
Redhat
No data.