Glassfish local credentials stored in plain text
Summary
An improper authentication vulnerability [CWE-287] in FortiSIEM may allow a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password.
Affected Products
At least
FortiSIEM 6.4 all versions
FortiSIEM 6.3 all versions
FortiSIEM 6.2 all versions
FortiSIEM 6.1 all versions
FortiSIEM 5.4 all versions
FortiSIEM 5.3 all versions
FortiSIEM 5.2 all versions
FortiSIEM 5.1 all versions
FortiSIEM 5.0 all versions
Solutions
Please upgrade to FortiSIEM version 6.5.0 or above.
Acknowledgement
Fortinet is pleased to thank Victor Pasman and James Reno for reporting this vulnerability under responsible disclosure.
Timeline
2022-11-01: Initial publication