CVE-2023-26204
3.7LOWA plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4
Published: 6/13/2023Updated: 11/21/2024
Description
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI.
AI AnalysisPowered by AI
Affected Products
fortinetfortisiem
fortinetfortisiem
fortinetfortisiem
fortinetfortisiem
fortinetfortisiem
5.4.0
fortinetfortisiem
6.1.0
fortinetfortisiem
6.1.1
fortinetfortisiem
6.1.2
fortinetfortisiem
6.2.0
fortinetfortisiem
6.2.1
fortinetfortisiem
6.4.0
fortinetfortisiem
6.4.1
fortinetfortisiem
6.4.2
fortinetfortisiem
6.5.0
fortinetfortisiem
6.5.1
References
- https://fortiguard.com/psirt/FG-IR-21-141Vendor Advisory
- https://fortiguard.com/psirt/FG-IR-21-141Vendor Advisory