PSIRTExposure of Sensitive Information to an Unauthorized Actor
Summary
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiSIEM may allow a remote unauthenticated attacker who acquired knowledge of the agent's authorization header by other means to read the database password via crafted api requests
| Version | Affected | Solution |
|---|---|---|
| FortiSIEM 7.3 | Not affected | Not Applicable |
| FortiSIEM 7.2 | Not affected | Not Applicable |
| FortiSIEM 7.1 | Not affected | Not Applicable |
| FortiSIEM 7.0 | Not affected | Not Applicable |
| FortiSIEM 6.7 | 6.7.0 through 6.7.4 | Upgrade to 6.7.5 or above |
| FortiSIEM 6.6 | 6.6.0 through 6.6.3 | Upgrade to 6.6.4 or above |
| FortiSIEM 6.5 | 6.5.0 through 6.5.1 | Upgrade to 6.5.2 or above |
| FortiSIEM 6.4 | 6.4.0 through 6.4.2 | Upgrade to 6.4.3 or above |
| FortiSIEM 6.3 | 6.3 all versions | Migrate to a fixed release |
| FortiSIEM 6.2 | 6.2 all versions | Migrate to a fixed release |
| FortiSIEM 6.1 | 6.1 all versions | Migrate to a fixed release |
| FortiSIEM 5.4 | 5.4 all versions | Migrate to a fixed release |
| FortiSIEM 5.3 | 5.3 all versions | Migrate to a fixed release |
| FortiSIEM 5.2 | 5.2 all versions | Migrate to a fixed release |
| FortiSIEM 5.1 | 5.1 all versions | Migrate to a fixed release |