Logpoint SIEM 安全漏洞

Logpoint SIEM is a Security Information and Event Management SIEM solution from Logpoint, Inc. A security vulnerability exists in Logpoint SIEM versions prior to 7.7.0 that stems from prolonged exposure of sensitive information during high CPU loads...

CVE-2024-33856

An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint...

CVE-2024-48953

An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access...

CVE-2024-48950

An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication...

CVE-2024-33856

An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint...

CVE-2023-49950

The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting XSS payload and send it to any system or device that sends logs to th...