CVE-2023-28616

An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component.
References
Link Resource
https://advisories.stormshield.eu/2023-006 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_network_security:4.7.0:*:*:*:*:*:*:*

History

20 Aug 2024, 14:58

Type Values Removed Values Added
CPE cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:network_security:4.7.0:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:stormshield_network_security:4.7.0:*:*:*:*:*:*:*
First Time Stormshield stormshield Network Security

04 Jan 2024, 15:28

Type Values Removed Values Added
References () https://advisories.stormshield.eu/2023-006 - () https://advisories.stormshield.eu/2023-006 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-319
CPE cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*
cpe:2.3:a:stormshield:network_security:4.7.0:*:*:*:*:*:*:*

26 Dec 2023, 20:34

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-26 04:15

Updated : 2024-08-20 14:58


NVD link : CVE-2023-28616

Mitre link : CVE-2023-28616

CVE.ORG link : CVE-2023-28616


JSON object : View

Products Affected

stormshield

  • stormshield_network_security
CWE
CWE-319

Cleartext Transmission of Sensitive Information