
Saraunsh0X9

#24204 of 53,635
9.8 Total CVSS
Vulnerabilities · 1
PT-2021-17839
9.8
2021-06-08
Seceon · Aisiem · CVE-2021-28293
Name of the Vulnerable Software and Affected Versions: Seceon aiSIEM versions prior to 6.3.2 (build 585)

Description: Unauthenticated account takeover through the Forgot Password feature. Because of incorrect configuration, an attacker can recover the password reset link generated by the password reset functionality, and can therefore set an arbitrary password for any user without authenticating.

Recommendations: For versions prior to 6.3.2 (build 585), update to version 6.3.2 (build 585) or later to resolve the issue. Until the update can be applied, consider disabling the Forgot Password feature and restricting access to the password reset functionality to reduce the risk of exploitation.
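The advisory does not say how the reset link became recoverable in aiSIEM, so the following is an added illustration of the property the fix must restore, not Seceon's code and not a reconstruction of the actual flaw: a reset token that only the mailbox owner ever sees, stored hashed, time-limited and single-use, with a response body that carries nothing useful to an unauthenticated caller. The in-memory store, the KNOWN_USERS directory, the send_mail callback and the "leaky" contrast handler are all hypothetical.

```python
import hashlib
import hmac
import secrets
import time

# Added example, not Seceon aiSIEM code. A dict stands in for the database and
# KNOWN_USERS is a constructed sample directory.
TOKEN_TTL_SECONDS = 15 * 60
TOKEN_BYTES = 32  # 256 bits from the OS CSPRNG
KNOWN_USERS = {"alice", "bob"}


def _digest(token: str) -> str:
    # Only this digest is persisted; a database dump does not yield usable links.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class ResetTokenStore:
    """Outstanding reset tokens, keyed by username. `clock` is injectable so
    expiry can be exercised deterministically in a test."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # username -> (token_digest, expires_at)

    def issue(self, username: str) -> str:
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._pending[username] = (_digest(token), self._clock() + TOKEN_TTL_SECONDS)
        return token  # destined for the email only, never for logs or the HTTP reply

    def redeem(self, username: str, token: str) -> bool:
        entry = self._pending.get(username)
        if entry is None:
            return False
        expected_digest, expires_at = entry
        if self._clock() > expires_at:
            self._pending.pop(username, None)  # expired: discard, do not honour
            return False
        if not hmac.compare_digest(_digest(token), expected_digest):
            return False  # wrong token; the stored entry survives until expiry
        self._pending.pop(username, None)  # single use
        return True


def forgot_password_response(store: ResetTokenStore, username: str, base_url: str, send_mail) -> dict:
    """Hardened handler: the link leaves the server only through send_mail, and the
    reply is identical whether or not the account exists (no enumeration)."""
    if username in KNOWN_USERS:
        token = store.issue(username)
        send_mail(username, f"{base_url}/reset?user={username}&token={token}")
    return {"status": "ok", "message": "If the account exists, a reset email has been sent."}


def forgot_password_response_leaky(store: ResetTokenStore, username: str, base_url: str) -> dict:
    """Hypothetical anti-pattern for contrast only (NOT the aiSIEM root cause, which the
    advisory does not detail): echoing the link in the reply lets any unauthenticated
    caller reset any user's password, which is the impact the advisory describes."""
    token = store.issue(username)
    return {"status": "ok", "reset_link": f"{base_url}/reset?user={username}&token={token}"}


if __name__ == "__main__":
    outbox = []
    store = ResetTokenStore()
    print(forgot_password_response(store, "alice", "https://siem.example", lambda u, link: outbox.append(link)))
    mailed_token = outbox[0].split("token=")[1]
    print("redeem once:", store.redeem("alice", mailed_token))
    print("redeem again:", store.redeem("alice", mailed_token))
    print("leaky reply exposes:", forgot_password_response_leaky(store, "bob", "https://siem.example"))
```

The two handlers produce the same server-side state; the only difference is where the token travels, which is the whole of the vulnerability class. Whatever the configuration defect in aiSIEM was, the check a practitioner would run against the patched build is the same: request a reset for another user and confirm that nothing in the HTTP response, redirect, headers or reachable logs lets you reconstruct the link.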