CVE-2024-8264

Oct. 17, 2024, 2:06 p.m.

5.5
Medium

Description

Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.

Product(s) Impacted

Vendor Product Versions
Fortra
  • Robot Schedule
  • *

Weaknesses

CWE-532
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

*CPE(s)

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a fortra robot_schedule / / / / enterprise / / /

References

https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm
https://www.fortra.com/security/advisories/product-security/fi-2024-012

Tags

CWE-532
df4dee71-de3a-4139-9588-11b62fe6c0ff
2024-10-09
CVE-2024-8264

CVSS Score

5.5 / 10

CVSS Data

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: NONE
  • Availability Impact: NONE
    • View Vector String

    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Date

  • Published: Oct. 9, 2024, 11:15 p.m.
  • Last Modified: Oct. 17, 2024, 2:06 p.m.

Status : Analyzed

CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.

More info

Source

df4dee71-de3a-4139-9588-11b62fe6c0ff

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.