FortiSIEM LDAP server password reflected in GUI Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-18-382 Final 1 1 2019-03-29T00:00:00 Current version 2019-03-29T00:00:00 2019-03-29T00:00:00 An information exposure vulnerability in the admin portal of FortiSIEM may allow an authenticated admin to retrieve the LDAP server password via the HTML source code. This could potentially aggravate attacks targeting the authenticated admin session, should they exist (XSS, social engineering, proxy caching...). Information disclosure FortiSIEM 5.2.0 and below Upgrade to FortiSIEM 5.2.1 Fortinet is pleased to thank Yusuf TOPAL from Beyaz Bilgisayar Danmanlk Hizmetleri Ltd. ti. for reporting this vulnerability under responsible disclosure. CVE-2018-13378 4.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-18-382 FortiSIEM LDAP server password reflected in GUI Reference>