CVE-2024-11923

Summary

Under certain log settings the IAM or CORE service will log credentials in the iam logfile in Fortra Application Hub (Formerly named Helpsystems One) prior to version 1.3

Affected Software

VendorProductVersion RangeStatus
FortraFortra Application Hub1.0 <= 1.2affected

Weaknesses

  • CWE-532: CWE-532 Insertion of Sensitive Information into Log File

Workarounds

Avoid using "trace" logging levels in Fortra Application Hub

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References