ghsa-8p78-mrgj-hw73
Vulnerability from github
Published
2024-06-06 00:30
Modified
2024-07-18 21:30
Severity
4.2 (Medium) - CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
8.5 (High) - CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L
8.5 (High) - CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L
Details
Under certain circumstances the Microsoft® Internet Information Server (IIS) used to host the C•CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C•CURE 9000 or prior versions
{ "affected": [], "aliases": [ "CVE-2024-0912" ], "database_specific": { "cwe_ids": [ "CWE-532" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-06-06T00:15:09Z", "severity": "HIGH" }, "details": "Under certain circumstances the Microsoft\u00ae Internet Information Server (IIS) used to host the C\u2022CURE 9000 Web Server will log Microsoft Windows credential details within logs. There is no impact to non-web service interfaces C\u2022CURE 9000 or prior versions", "id": "GHSA-8p78-mrgj-hw73", "modified": "2024-07-18T21:30:36Z", "published": "2024-06-06T00:30:28Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0912" }, { "type": "WEB", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-03" }, { "type": "WEB", "url": "https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2024/jci-psa-2024-04.pdf" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", "type": "CVSS_V3" }, { "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "type": "CVSS_V4" } ] }
Loading...