CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password.

** PSIRT Advisories**

**FortiSOAR - PostgreSQL DB access to local users**

**Summary**

A missing authentication for critical function \[CWE-306\] vulnerabilty in FortiSOAR's Postgres database may allow a local attacker to access sensitive information via logging into the database using a privileged account without a password.

**Affected Products**

FortiSOAR version 7.2.0  
FortiSOAR version 7.0.0 through 7.0.3  
FortiSOAR version 6.4.0 through 6.4.4

**Solutions**

Please upgrade to FortiSOAR version 7.3.0 or above  
Please upgrade to FortiSOAR version 7.2.3 or above

**Acknowledgement**

Fortinet is pleased to thank Alok Agarwal from Fortinet's Dev team.

Headline

CVE-2022-42473: Fortiguard

CVE: Latest News