CVE-2023-36494 - OpenCVE

Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F5	F5os-a

Configuration 1 [-]

cpe:2.3:a:f5:f5os-a:1.4.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://my.f5.com/manage/s/article/K000134922

History

No history.

MITRE

Status: PUBLISHED

Assigner: f5

Published: 2023-08-02T15:54:26.677Z

Updated: 2024-08-02T16:45:57.143Z

Reserved: 2023-07-17T22:41:24.599Z

Link: CVE-2023-36494

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-08-02T16:15:10.207

Modified: 2023-08-07T20:03:35.267

Link: CVE-2023-36494

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-36494", "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "state": "PUBLISHED", "assignerShortName": "f5", "dateReserved": "2023-07-17T22:41:24.599Z", "datePublished": "2023-08-02T15:54:26.677Z", "dateUpdated": "2024-08-02T16:45:57.143Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "F5OS - Appliance", "vendor": "F5", "versions": [{"lessThan": "1.5.0", "status": "affected", "version": "1.4.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "F5"}], "datePublic": "2023-08-02T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Audit logs on F5OS-A may contain undisclosed sensitive information.</span>  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}], "value": "\nAudit logs on F5OS-A may contain undisclosed sensitive information.\u00a0 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5", "dateUpdated": "2023-08-02T15:54:26.677Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://my.f5.com/manage/s/article/K000134922"}], "source": {"discovery": "INTERNAL"}, "title": "F5OS-A vulnerability", "x_generator": {"engine": "F5 SIRTBot v1.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:45:57.143Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://my.f5.com/manage/s/article/K000134922"}]}]}}