CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a crafted http request.

** PSIRT Advisories**

**FortiSIEM - Full path disclosure vulnerability**

**Summary**

An exposure of sensitive information to an unauthorized actor vulnerability \[CWE-200\] in FortiSIEM may allow an authenticated attacker to obtain the absolute path of files used by the supervisor, which could be dangerous if used in conjunction with other vulnerabilities.

**Affected Products**

FortiSIEM version 6.7.0 through 6.7.5

**Solutions**

Please upgrade to FortiSIEM version 7.0.0 or above  
Please upgrade to FortiSIEM version 6.7.6 or above  
Please upgrade to FortiSIEM version 6.6.0 or above

**Acknowledgement**

Internally discovered and reported by Adham El karn of Fortinet Product Security team.

**Timeline**

2023-09-07: Initial publication

Headline

CVE-2023-36551: Fortiguard

CVE: Latest News