CVE-2023-28616

{"id": "CVE-2023-28616", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-26T04:15:07.790", "references": [{"url": "https://advisories.stormshield.eu/2023-006", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Stormshield Network Security (SNS) anterior a 4.3.17, 4.4.x a 4.6.x anterior a 4.6.4 y 4.7.x anterior a 4.7.1. Afecta a las cuentas de usuario cuya contrase\u00f1a tiene un signo igual o un espacio. El proceso serverd registra dichas contrase\u00f1as en texto plano y potencialmente env\u00eda estos registros al componente Syslog."}], "lastModified": "2024-01-04T15:28:24.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2ED1896-6DA3-413F-B5A1-AC1EE41470A6", "versionEndExcluding": "4.3.17", "versionStartIncluding": "2.7.0"}, {"criteria": "cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "601A3438-4E6E-46B6-B596-082C6EA8B1D1", "versionEndExcluding": "4.6.4", "versionStartIncluding": "4.4.0"}, {"criteria": "cpe:2.3:a:stormshield:network_security:4.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CEA8D81-9EC9-4285-9A9F-B60CE3A12ABA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}