CVE-2024-8689

A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles.

CVSS

No CVSS.

References

Link	Resource
https://security.paloaltonetworks.com/CVE-2024-8689

Configurations

No configuration.

History

12 Sep 2024, 12:35

Type	Values Removed	Values Added
Summary		(es) Un problema con la integración de ActiveMQ tanto para Cortex XSOAR como para Cortex XSIAM puede provocar la exposición de texto plano de las credenciales de ActiveMQ configuradas en paquetes de registros.

11 Sep 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-11 17:15

Updated : 2024-09-12 12:35

NVD link : CVE-2024-8689

Mitre link : CVE-2024-8689

CVE.ORG link : CVE-2024-8689

JSON object : View

Products Affected

No product.

CWE

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2024-8689", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "AUTOMATIC", "baseScore": 6.0, "automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-11T17:15:14.380", "references": [{"url": "https://security.paloaltonetworks.com/CVE-2024-8689", "source": "psirt@paloaltonetworks.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@paloaltonetworks.com", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles."}, {"lang": "es", "value": "Un problema con la integraci\u00f3n de ActiveMQ tanto para Cortex XSOAR como para Cortex XSIAM puede provocar la exposici\u00f3n de texto plano de las credenciales de ActiveMQ configuradas en paquetes de registros."}], "lastModified": "2024-09-12T12:35:54.013", "sourceIdentifier": "psirt@paloaltonetworks.com"}

CVE-2024-8689

JSON object

Attach tags to CVE-2024-8689

Attach tags to `CVE-2024-8689`