CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.

** PSIRT Advisories**

**FortiClientEMS - Environment variable information leaking in sign-in homepage**

**Summary**

An exposure of sensitive information to an unauthorized actor vulnerability \[CWE-200\] in FortiClientEMS mangement interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.

**Affected Products**

FortiClientEMS version 7.0.6 through 7.0.7  
FortiClientEMS version 7.0.0 through 7.0.4  
FortiClientEMS 6.4 all versions  
FortiClientEMS 6.2 all versions

**Solutions**

Please upgrade to FortiClientEMS version 7.2.0 or above  
Please upgrade to FortiClientEMS version 7.0.8 or above

**Timeline**

2023-08-30: Initial publication

Headline

CVE-2021-44172: Fortiguard

CVE: Latest News