CVE-2024-8264

Summary

Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.

Affected Software

VendorProductVersion RangeStatus
FortraRobot Schedule Enterprise1.24 < 3.05affected

Weaknesses

  • CWE-532: CWE-532 Insertion of Sensitive Information into Log File

Workarounds

Disable detailed logging for FTP if it was previously enabled and remove any sensitive log files. NOTE: if detailed logging is not enabled, there is no exposure to this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References