CVE-2024-8264 – Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05
https://notcve.org/view.php?id=CVE-2024-8264
Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled.
• https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm
• https://www.fortra.com/security/advisories/product-security/fi-2024-012
• CWE-532: Insertion of Sensitive Information into Log File

CVE-2024-0259 – Privilege Escalation in Robot Schedule Enterprise Agent for Windows prior to version 3.04
https://notcve.org/view.php?id=CVE-2024-0259
Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges.
• https://hstechdocs.helpsystems.com/releasenotes/Content/_ProductPages/Robot/RobotScheduleEnterprise.htm
• https://www.fortra.com/security/advisory/fi-2024-005
• CWE-276: Incorrect Default Permissions