CVE-2024-8264 (GCVE-0-2024-8264)
Vulnerability from cvelistv5
Published
2024-10-09 22:44
Modified
2024-10-10 20:16
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
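Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled. Per the record's CVSS vector (AV:L/PR:L, C:H), the exposure is to a local, low-privileged user who can read the agent log. Any FTP credentials already written to a log while detailed logging was on are best treated as disclosed and rotated, in addition to the record's guidance to disable detailed FTP logging and remove the affected log files.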
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Fortra | Robot Schedule Enterprise | Affected: 1.24 ≤ version < 3.05 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:fortra:robot_schedule_enterprise:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "robot_schedule_enterprise",
"vendor": "fortra",
"versions": [
{
"lessThan": "3.05",
"status": "affected",
"version": "1.24",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T20:14:28.286053Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:16:18.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Robot Schedule Enterprise",
"vendor": "Fortra",
"versions": [
{
"lessThan": "3.05",
"status": "affected",
"version": "1.24",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eFortra\u0027s Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.\u003c/span\u003e"
}
],
"value": "Fortra\u0027s Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled."
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54 Query System for Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T22:44:35.429Z",
"orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"shortName": "Fortra"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.fortra.com/security/advisories/product-security/fi-2024-012"
},
{
"tags": [
"release-notes"
],
"url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDisable detailed logging for FTP and remove any sensitive log files. After upgrading to Robot Schedule Enterprise 3.05, detailed logging for FTP can be re-enabled as the username and password will no longer be written to the agent log.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Disable detailed logging for FTP and remove any sensitive log files. After upgrading to Robot Schedule Enterprise 3.05, detailed logging for FTP can be re-enabled as the username and password will no longer be written to the agent log."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDisable detailed logging for FTP if it was previously enabled and remove any sensitive log files. NOTE: if detailed logging is not enabled, there is no exposure to this issue.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Disable detailed logging for FTP if it was previously enabled and remove any sensitive log files. NOTE: if detailed logging is not enabled, there is no exposure to this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff",
"assignerShortName": "Fortra",
"cveId": "CVE-2024-8264",
"datePublished": "2024-10-09T22:44:35.429Z",
"dateReserved": "2024-08-28T15:44:42.812Z",
"dateUpdated": "2024-10-10T20:16:18.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"Robot Schedule Enterprise\", \"vendor\": \"Fortra\", \"versions\": [{\"lessThan\": \"3.05\", \"status\": \"affected\", \"version\": \"1.24\", \"versionType\": \"semver\"}]}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eFortra\u0027s Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.\u003c/span\u003e\"}], \"value\": \"Fortra\u0027s Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.\"}], \"impacts\": [{\"capecId\": \"CAPEC-54\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-54 Query System for Information\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"LOCAL\", \"availabilityImpact\": \"NONE\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-532\", \"description\": \"CWE-532 Insertion of Sensitive Information into Log File\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"df4dee71-de3a-4139-9588-11b62fe6c0ff\", \"shortName\": \"Fortra\", \"dateUpdated\": \"2024-10-09T22:44:35.429Z\"}, \"references\": [{\"tags\": [\"vendor-advisory\"], \"url\": \"https://www.fortra.com/security/advisories/product-security/fi-2024-012\"}, {\"tags\": [\"release-notes\"], \"url\": 
\"https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm\"}], \"solutions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eDisable detailed logging for FTP and remove any sensitive log files. After upgrading to Robot Schedule Enterprise 3.05, detailed logging for FTP can be re-enabled as the username and password will no longer be written to the agent log.\u003c/span\u003e\\n\\n\u003cbr\u003e\"}], \"value\": \"Disable detailed logging for FTP and remove any sensitive log files. After upgrading to Robot Schedule Enterprise 3.05, detailed logging for FTP can be re-enabled as the username and password will no longer be written to the agent log.\"}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"title\": \"Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05\", \"workarounds\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eDisable detailed logging for FTP if it was previously enabled and remove any sensitive log files. NOTE: if detailed logging is not enabled, there is no exposure to this issue.\u003c/span\u003e\\n\\n\u003cbr\u003e\"}], \"value\": \"Disable detailed logging for FTP if it was previously enabled and remove any sensitive log files. 
NOTE: if detailed logging is not enabled, there is no exposure to this issue.\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-8264\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-10T20:14:28.286053Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:fortra:robot_schedule_enterprise:*:*:*:*:*:*:*:*\"], \"vendor\": \"fortra\", \"product\": \"robot_schedule_enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.24\", \"lessThan\": \"3.05\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-10T20:16:05.595Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2024-8264\", \"assignerOrgId\": \"df4dee71-de3a-4139-9588-11b62fe6c0ff\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"Fortra\", \"dateReserved\": \"2024-08-28T15:44:42.812Z\", \"datePublished\": \"2024-10-09T22:44:35.429Z\", \"dateUpdated\": \"2024-10-10T20:16:18.755Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.