CVE-2023-45585 LOW

CVE-2023-45585

Vendor Fortinet
Product FortiSIEM
Weakness CWE-532 · Sensitive info in logs
Published November 14, 2023
Last update August 30, 2024

CVSS base score

2.1/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

What the vulnerability does

01Description

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.

Key dates

02Disclosure timeline

November 14, 2023 CVE published
August 30, 2024 Record updated