Core Privileged Access Manager (BoKS) Leakage of Sensitive Data via the Cache
A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1), and also on legacy tar installs of BoKS 7.2 without hotfix #0474, on Linux, AIX, and Solaris allows low-privileged local users to dump data from the cache.
Problem Types
Type | CWE ID | Description |
---|---|---|
CWE | CWE-524 | CWE-524: Use of Cache Containing Sensitive Information |
Metrics
Version | Base score | Base severity | Vector |
---|---|---|---|
3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Impacts
CAPEC ID | Description |
---|---|
CAPEC-204 | CAPEC-204 Lifting Sensitive Data Embedded in Cache |