PT-2024-5072 · Nozomi · Nozomi Guardian+1

Maciej Kosz · Published 2024-04-10 · Updated 2024-09-20 · CVE-2023-6916

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Nozomi Guardian and Nozomi Central Management Console (CMC) (affected versions not specified); OpenAPI (affected versions not specified)

Description: The issue is related to insufficient protection of audit records for OpenAPI requests, which may include sensitive information. This could lead to unauthorized access and privilege escalation.

Recommendations: For Nozomi Guardian and Nozomi Central Management Console (CMC), consider restricting access to audit records to minimize the risk of exploitation. For OpenAPI, as a temporary workaround, consider disabling the logging of sensitive information in audit records until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

BDU:2024-05599
CVE-2023-6916

Affected Products

Nozomi Central Management Console
Nozomi Guardian