1536 matches found
CVE-2024-5275
A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the...
CVE-2024-5275 Hard-coded password in FileCatalyst Direct 3.8.10 Build 138 TransferAgent (and earlier) and FileCatalyst Workflow 5.1.6 Build 130 (and earlier)
A hard-coded password in the FileCatalyst TransferAgent can be found which can be used to unlock the keystore from which contents may be read out, for example, the private key for certificates. Exploit of this vulnerability could lead to a machine-in-the-middle (MiTM) attack against users of the...
CVE-2024-5275
CVE-2024-5275 involves a hard-coded password in the FileCatalyst TransferAgent that can unlock the keystore and expose contents such as private keys, enabling potential MiTM on affected users. Affected products and versions: FileCatalyst Direct 3.8.10 Build 138 and earlier, and FileCatalyst Workf...
PT-2024-35424
Name of the Vulnerable Software and Affected Versions: FileCatalyst Direct versions 3.8.10 Build 138 and earlier; FileCatalyst Workflow versions 5.1.6 Build 130 and earlier. Description: A hard-coded password in the FileCatalyst TransferAgent can be used to unlock the keystore, allowing access to its...
PT-2024-33110 · Trellix · Trellix Epolicy Orchestrator
Name of the Vulnerable Software and Affected Versions: Trellix ePolicy Orchestrator (ePO) on Premise versions prior to 5.10 Service Pack 1 Update 2. Description: A hardcoded credentials issue allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file,...
Broadcom Brocade SANnav Security Vulnerability
Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A security vulnerability exists in Broadcom Brocade SANnav versions prior to v2.3.1, v2.3.0a, which stems from a vulnerability that allows authenticated users to print Auth, Priv, and SSL keystore...
BIT-LOGSTASH-2023-46672 Logstash Insertion of Sensitive Information into Log File
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: Logstash is configured to log in JSON format...
foreman: World readable file containing secrets
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable...
CLSA-2024-1707420277 Fix CVE(s): CVE-2023-46589
SECURITY UPDATE: Incorrect parsing of HTTP trailer headers - debian/patches/CVE-2023-46589.patch: Ensure IOException on request read always triggers error handling - CVE-2023-46589 Internal tests: - debian/patches/0100-stop-testing-if-a-failure-occurs.patch: Stop testing if a failure occurs -...
CLSA-2024-1705081413 Fix CVE(s): CVE-2023-46589
SECURITY UPDATE: Request smuggling - debian/patches/CVE-2023-46589-pre1.patch: Correct a regression in the error page handling that prevented error pages from issuing redirects or taking other action that required the response status code to be changed - debian/patches/CVE-2023-46589-pre2.patch:...
foreman: World readable file containing secrets
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable...
SUSE CVE-2023-46672
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: Logstash is configured to log in JSON format...
Elastic Logstash 8.10.x < 8.11.1 Information Disclosure Vulnerability (ESA-2023-26)
Elastic Logstash is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2023-46672
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: Logstash is configured to log in JSON format...
CVE-2023-46672
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: Logstash is configured to log in JSON format...
Design/Logic Flaw
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: Logstash is configured to log in JSON format...
CVE-2023-46672 Logstash Insertion of Sensitive Information into Log File
An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: Logstash is configured to log in JSON format...
Logstash 8.11.1 Security Update (ESA-2023-26)
Logstash Insertion of Sensitive Information into Log File (ESA-2023-26). An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: Logstash is configured to log in JSON format...
PT-2023-7174 · Elastic · Logstash
Name of the Vulnerable Software and Affected Versions: Elastic Logstash (affected versions not specified). Description: The issue is related to the disclosure of sensitive information through log files in Elastic Logstash. This can occur when Logstash is configured to log in JSON format, which is no...
CVE-2023-4886
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable...