Design/Logic Flaw

2023-11-1418:15:00

PRIOn knowledge base

www.prio-n.com

fortisiem

vulnerability

log file

elasticsearch

encrypted password

debug log

nvd

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.

CPENameOperatorVersion
fortisiemeq6.4.1
fortisiemeq6.4.0
fortisiemeq6.2.1
fortisiemeq6.2.0
fortisiemeq5.4.0
fortisiemge5.3.0
fortisiemle5.3.3
fortisiemeq6.6.0
fortisiemeq6.6.1
fortisiemeq6.6.2

Name	Operator	Version
fortisiem	eq	6.4.1
fortisiem	eq	6.4.0
fortisiem	eq	6.2.1
fortisiem	eq	6.2.0
fortisiem	eq	5.4.0
fortisiem	ge	5.3.0
fortisiem	le	5.3.3
fortisiem	eq	6.6.0
fortisiem	eq	6.6.1
fortisiem	eq	6.6.2

Rows per page:

1-10 of 241

References

fortiguard.com/psirt/FG-IR-23-392