OpenCVE

Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Fortra	Robot Schedule Robot Schedule Enterprise

Configuration 1 [-]

cpe:2.3:a:fortra:robot_schedule:*:*:*:*:enterprise:*:*:*

No data.

References

Link	Providers
https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm
https://www.fortra.com/security/advisories/product-security/fi-2024-012

History

Thu, 17 Oct 2024 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fortra robot Schedule
CPEs		cpe:2.3:a:fortra:robot_schedule:::::enterprise:::*
Vendors & Products		Fortra robot Schedule

Fri, 11 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Fortra Fortra robot Schedule Enterprise
CPEs		cpe:2.3:a:fortra:robot_schedule_enterprise::::::::
Vendors & Products		Fortra Fortra robot Schedule Enterprise
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 09 Oct 2024 23:00:00 +0000

Type	Values Removed	Values Added
Description		Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.
Title		Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05
Weaknesses		CWE-532
References		https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm https://www.fortra.com/security/advisories/product-security/fi-2024-012
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: Fortra

Published: 2024-10-09T22:44:35.429Z

Updated: 2024-10-10T20:16:18.755Z

Reserved: 2024-08-28T15:44:42.812Z

Link: CVE-2024-8264

Vulnrichment

Updated: 2024-10-10T20:16:05.595Z

NVD

Status : Analyzed

Published: 2024-10-09T23:15:11.093

Modified: 2024-10-17T14:06:39.420

Link: CVE-2024-8264

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8264", "assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "state": "PUBLISHED", "assignerShortName": "Fortra", "dateReserved": "2024-08-28T15:44:42.812Z", "datePublished": "2024-10-09T22:44:35.429Z", "dateUpdated": "2024-10-10T20:16:18.755Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Robot Schedule Enterprise", "vendor": "Fortra", "versions": [{"lessThan": "3.05", "status": "affected", "version": "1.24", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.</span>"}], "value": "Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled."}], "impacts": [{"capecId": "CAPEC-54", "descriptions": [{"lang": "en", "value": "CAPEC-54 Query System for Information"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "shortName": "Fortra", "dateUpdated": "2024-10-09T22:44:35.429Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.fortra.com/security/advisories/product-security/fi-2024-012"}, {"tags": ["release-notes"], "url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Disable detailed logging for FTP and remove any sensitive log files. After upgrading to Robot Schedule Enterprise 3.05, detailed logging for FTP can be re-enabled as the username and password will no longer be written to the agent log.</span>\n\n<br>"}], "value": "Disable detailed logging for FTP and remove any sensitive log files. After upgrading to Robot Schedule Enterprise 3.05, detailed logging for FTP can be re-enabled as the username and password will no longer be written to the agent log."}], "source": {"discovery": "UNKNOWN"}, "title": "Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Disable detailed logging for FTP if it was previously enabled and remove any sensitive log files. NOTE: if detailed logging is not enabled, there is no exposure to this issue.</span>\n\n<br>"}], "value": "Disable detailed logging for FTP if it was previously enabled and remove any sensitive log files. NOTE: if detailed logging is not enabled, there is no exposure to this issue."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "fortra", "product": "robot_schedule_enterprise", "cpes": ["cpe:2.3:a:fortra:robot_schedule_enterprise:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "1.24", "status": "affected", "lessThan": "3.05", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-10T20:14:28.286053Z", "id": "CVE-2024-8264", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T20:16:18.755Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8264", "assignerOrgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "state": "PUBLISHED", "assignerShortName": "Fortra", "dateReserved": "2024-08-28T15:44:42.812Z", "datePublished": "2024-10-09T22:44:35.429Z", "dateUpdated": "2024-10-10T20:16:18.755Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Robot Schedule Enterprise", "vendor": "Fortra", "versions": [{"lessThan": "3.05", "status": "affected", "version": "1.24", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.</span>"}], "value": "Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled."}], "impacts": [{"capecId": "CAPEC-54", "descriptions": [{"lang": "en", "value": "CAPEC-54 Query System for Information"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "shortName": "Fortra", "dateUpdated": "2024-10-09T22:44:35.429Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.fortra.com/security/advisories/product-security/fi-2024-012"}, {"tags": ["release-notes"], "url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Disable detailed logging for FTP and remove any sensitive log files. After upgrading to Robot Schedule Enterprise 3.05, detailed logging for FTP can be re-enabled as the username and password will no longer be written to the agent log.</span>\n\n<br>"}], "value": "Disable detailed logging for FTP and remove any sensitive log files. After upgrading to Robot Schedule Enterprise 3.05, detailed logging for FTP can be re-enabled as the username and password will no longer be written to the agent log."}], "source": {"discovery": "UNKNOWN"}, "title": "Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Disable detailed logging for FTP if it was previously enabled and remove any sensitive log files. NOTE: if detailed logging is not enabled, there is no exposure to this issue.</span>\n\n<br>"}], "value": "Disable detailed logging for FTP if it was previously enabled and remove any sensitive log files. NOTE: if detailed logging is not enabled, there is no exposure to this issue."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8264", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-10T20:14:28.286053Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fortra:robot_schedule_enterprise:*:*:*:*:*:*:*:*"], "vendor": "fortra", "product": "robot_schedule_enterprise", "versions": [{"status": "affected", "version": "1.24", "lessThan": "3.05", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T20:16:05.595Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortra:robot_schedule:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "44ADDC12-9EA8-4BA4-9D76-57FC4A558367", "versionEndExcluding": "3.05", "versionStartIncluding": "1.24", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled."}, {"lang": "es", "value": "Fortra's Robot Schedule Enterprise Agent anterior a la versi\u00f3n 3.05 escribe la informaci\u00f3n de nombre de usuario y contrase\u00f1a de FTP en el archivo de registro del agente cuando est\u00e1 habilitado el registro detallado."}], "id": "CVE-2024-8264", "lastModified": "2024-10-17T14:06:39.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "type": "Secondary"}]}, "published": "2024-10-09T23:15:11.093", "references": [{"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "tags": ["Release Notes"], "url": "https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm"}, {"source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "tags": ["Vendor Advisory"], "url": "https://www.fortra.com/security/advisories/product-security/fi-2024-012"}], "sourceIdentifier": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "df4dee71-de3a-4139-9588-11b62fe6c0ff", "type": "Secondary"}]}