CVE-2023-45585

Severity: 3.3 LOW
EPSS: 0.1% (top 83.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 14

Description

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Exploitability: 0.8 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | fortinet/fortisiem | 6.7.0 | 6.7.6 | +9
NVD | fortinet/fortisiem | 5.3.0 | 5.3.3 | +21

🔴 Vulnerability Details (2)

CVEList
CVE-2023-45585: An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7 | 2023-11-14
GHSA
GHSA-j2wh-jq5r-qm6f: An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7 | 2023-11-14

📋 Vendor Advisories (1)

Fortinet
An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 an... | 2023-11-14
CVE-2023-45585 (LOW CVSS 3.3) | An insertion of sensitive informati | cvebase.io