Sensitive Information Disclosure in Fortra Application Hub Prior to version 1.3

FI-2025-003 - Sensitive Information Disclosure in Fortra Application Hub Prior to version 1.3

Severity

Medium

Published Date

17-Jan-2025

Updated Date

17-Jan-2025

Vulnerabilities

CVE-2024-11923

Notes

Description

Under certain log settings the IAM or CORE service will log credentials in the iam logfile in Fortra Application Hub (Formerly named Helpsystems One) prior to version 1.3.

Vulnerabilities

Sensitive Information Disclosure in Fortra Application Hub Prior to version 1.3

Severity

Medium

CVE

CVE-2024-11923

CWE

CWE-532:Insertion of Sensitive Information into Log File

Discovery Date

13-Jan-2025

CSSv3.1

5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products

Fortra Application Hub Prior to 1.3

Vulnerability Notes

Remediation: Vendor Fix

Upgrade to Fortra Application Hub 1.3

Remediation: Mitigation

Avoid using trace level logging in Fortra Application Hub.

References

CVE-2024-11923 (https://www.cve.org/CVERecord?id=CVE-2024-11923)

References

CVE-2024-11923

Sensitive Information Disclosure in Fortra Application Hub Prior to version 1.3

FI-2025-003 - Sensitive Information Disclosure in Fortra Application Hub Prior to version 1.3

Notes

Vulnerabilities

Vulnerability Notes

References

References

Privacy Policy

Cookie Policy

Accessibility

Impressum