FortiSIEM External Authentication (AES) encrypted password reflected in GUI Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-19-100 Final 1 1 2019-10-08T00:00:00 Current version 2019-10-08T00:00:00 2019-10-08T00:00:00 An information exposure vulnerability in the external authentication profile form of FortiSIEM may allow an authenticated attacker to retrieve the external authentication password via the HTML source code.This could potentially aggravate attacks targeting the authenticated admin session, should they exist (XSS, social engineering, proxy caching...). Information disclosure FortiSIEM version 5.2.2 and below Please upgrade to FortiSIEM version 5.2.5 and above Fortinet is pleased to thank Yavuz YKSEL security researcher for reporting this vulnerability under responsible disclosure. CVE-2019-6700 3.4 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-19-100 FortiSIEM External Authentication (AES) encrypted password reflected in GUI Reference>