Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-23776: Fortiguard

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer

CVE
#vulnerability#mac#auth

** PSIRT Advisories**

FortiAnalyzer – the log-fetch client request password is shown in clear text in the heartbeat response

Summary

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer

Affected Products

FortiAnalyzer version 7.2.0 through 7.2.1
FortiAnalyzer version 7.0.0 through 7.0.4
FortiAnalyzer version 6.4.0 through 6.4.10

Solutions

Please upgrade to FortiAnalyzer version 7.2.2 or above
Please upgrade to FortiAnalyzer version 7.0.5 or above
Please upgrade to FortiAnalyzer version 6.4.11 or above

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda