A potential security vulnerability in some Intel® On Demand agent software may allow information disclosure . Intel is releasing software updates to mitigate this potential vulnerability.
CVEID: CVE-2023-32283
Description: Insertion of sensitive information into log file in some Intel® On Demand software before versions 1.16.2, 2.1.1, 3.1.0 may allow an authenticated user to potentially enable information disclosure via local access.
CVSS Base Score: 5.5 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Intel® On Demand agent software in the following versions: 1.16.1.1, 2.1.0.1, 3.0.1.3.
Intel recommends that users of Intel® On Demand update to the latest version provided by the system manufacturer that addresses these issues.
This issue was found internally by Intel employees. Intel would like to thank Marcin Kolasinski.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.