CVE-2023-45585: Fortiguard

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.

**PSIRT Advisories**

FortiSIEM - Encrypted password stored in logs

Summary

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.

Affected Products

FortiSIEM version 7.0.0
FortiSIEM version 6.7.0 through 6.7.6
FortiSIEM version 6.6.0 through 6.6.3
FortiSIEM version 6.5.0 through 6.5.1
FortiSIEM version 6.4.0 through 6.4.2
FortiSIEM 6.3 all versions
FortiSIEM 6.2 all versions
FortiSIEM 6.1 all versions
FortiSIEM 5.4 all versions
FortiSIEM 5.3 all versions

Acknowledgement

Internally discovered and reported by Jingjin Zhu

Timeline

2023-11-07: Initial publication
