Exposure of Sensitive Information to an Unauthorized Actor

Exposure of Sensitive Information to an Unauthorized Actor Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-23-117 Final 1 1 2025-03-11T00:00:00 Current version 2025-03-11T00:00:00 2025-03-11T00:00:00 An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiSIEM may allow a remote unauthenticated attacker who acquired knowledge of the agent's authorization header by other means to read the database password via crafted api requests None Execute unauthorized code or commands None Internally discovered by Lance Yeaw from Fortinet technical support team. FortiSIEM 6.7.4 FortiSIEM 6.7.3 FortiSIEM 6.7.2 FortiSIEM 6.7.1 FortiSIEM 6.7.0 FortiSIEM 6.6.3 FortiSIEM 6.6.2 FortiSIEM 6.6.1 FortiSIEM 6.6.0 FortiSIEM 6.5.1 FortiSIEM 6.5.0 FortiSIEM 6.4.2 FortiSIEM 6.4.1 FortiSIEM 6.4.0 FortiSIEM 6.3.3 FortiSIEM 6.3.2 FortiSIEM 6.3.1 FortiSIEM 6.3.0 FortiSIEM 6.2.1 FortiSIEM 6.2.0 FortiSIEM 6.1.2 FortiSIEM 6.1.1 FortiSIEM 6.1.0 FortiSIEM 5.4.0 FortiSIEM 5.3.3 FortiSIEM 5.3.2 FortiSIEM 5.3.1 FortiSIEM 5.3.0 FortiSIEM 5.2.8 FortiSIEM 5.2.7 FortiSIEM 5.2.6 FortiSIEM 5.2.5 FortiSIEM 5.2.2 FortiSIEM 5.2.1 FortiSIEM 5.1.3 FortiSIEM 5.1.2 FortiSIEM 5.1.1 FortiSIEM 5.1.0 Exposure of Sensitive Information to an Unauthorized Actor CVE-2023-40723 FortiSIEM-6.7.4 FortiSIEM-6.7.3 FortiSIEM-6.7.2 FortiSIEM-6.7.1 FortiSIEM-6.7.0 FortiSIEM-6.6.3 FortiSIEM-6.6.2 FortiSIEM-6.6.1 FortiSIEM-6.6.0 FortiSIEM-6.5.1 FortiSIEM-6.5.0 FortiSIEM-6.4.2 FortiSIEM-6.4.1 FortiSIEM-6.4.0 FortiSIEM-6.3.3 FortiSIEM-6.3.2 FortiSIEM-6.3.1 FortiSIEM-6.3.0 FortiSIEM-6.2.1 FortiSIEM-6.2.0 FortiSIEM-6.1.2 FortiSIEM-6.1.1 FortiSIEM-6.1.0 FortiSIEM-5.4.0 FortiSIEM-5.3.3 FortiSIEM-5.3.2 FortiSIEM-5.3.1 FortiSIEM-5.3.0 FortiSIEM-5.2.8 FortiSIEM-5.2.7 FortiSIEM-5.2.6 FortiSIEM-5.2.5 FortiSIEM-5.2.2 FortiSIEM-5.2.1 FortiSIEM-5.1.3 FortiSIEM-5.1.2 FortiSIEM-5.1.1 FortiSIEM-5.1.0 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-23-117 Exposure of Sensitive Information to an Unauthorized Actor Reference>