Rushmi Bhuju

**Name of the Vulnerable Software and Affected Versions** Logpoint SAML Authentication versions prior to 6.0.3 **Description** An issue in Logpoint SAML Authentication allows an attacker to place a crafted filename in the `state` field of a SAML SSO-URL response. This can lead to the deletion of the file corresponding to the crafted filename, resulting in a SAML Authentication login outage. The vulnerability is related to incorrect external management of a filename or path. Exploitation can allow a remote attacker to delete arbitrary files and cause authentication failures. **Recommendations** For versions prior to 6.0.3, update to version 6.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the SAML SSO-URL response to minimize the risk of exploitation. Avoid using crafted filenames in the `state` field of the SAML SSO-URL response until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Logpoint versions prior to 7.4.0 **Description** An issue was discovered in Logpoint where an attacker can enumerate a valid list of usernames by observing the response time at the "Forgot Password" endpoint. **Recommendations** For versions prior to 7.4.0, update to version 7.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Forgot Password" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Logpoint versions prior to 7.4.0 **Description** An issue was discovered that allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs. **Recommendations** For versions prior to 7.4.0, update to version 7.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of arbitrary File Paths within the File System Collector to minimize the risk of exploitation.