Sensitive Information Disclosure in Fortra Application Hub Prior to version 1.3

FI-2025-003 - Sensitive Information Disclosure in Fortra Application Hub Prior to version 1.3

Severity
Medium
Published Date
17-Jan-2025
Updated Date
17-Jan-2025
Vulnerabilities
CVE-2024-11923
 
Notes
Description

Under certain log settings, the IAM or CORE service will log credentials in the iam logfile in Fortra Application Hub (formerly named Helpsystems One) prior to version 1.3.

 

Vulnerabilities

 
Sensitive Information Disclosure in Fortra Application Hub Prior to version 1.3
Severity
Medium
CVE
CVE-2024-11923
CWE
CWE-532: Insertion of Sensitive Information into Log File
Discovery Date
13-Jan-2025
CVSSv3.1
5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Affected Products
Fortra Application Hub Prior to 1.3
Vulnerability Notes
Remediation: Vendor Fix

Upgrade to Fortra Application Hub 1.3

 
Remediation: Mitigation

Avoid using trace-level logging in Fortra Application Hub.

 