CVE-2023-45585

CVE Database · CVE-2023-45585

CVE-2023-45585

· LOWModified

CVSS v3.1

2.3

EPSS

0.21%

Published

Nov 14, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-532

Affected Products (22)

fortinet · fortisiemvulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-23-392

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-23-392

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs