PT-2019-4312 · Fortinet · Fortisiem

Published

2019-12-04

Updated

2021-07-21

CVE-2019-6700

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions FortiSIEM versions 5.2.2 and earlier

Description The issue is related to an information exposure in the external authentication profile form, potentially allowing an authenticated attacker to retrieve the external authentication password via the HTML source code. Additionally, there is a concern with the use of defective cryptographic algorithms, which could enable a remote attacker to gain unauthorized access to protected information.

Recommendations For FortiSIEM versions 5.2.2 and earlier, consider restricting access to the external authentication profile form until a fix is available. As a temporary workaround, restrict the use of defective cryptographic algorithms to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficiently Protected Credentials

Information Disclosure

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522CWE-200CWE-327

Related Identifiers

BDU:2020-00027

CVE-2019-6700

Affected Products

Fortisiem

PT-2019-4312 · Fortinet · Fortisiem

CVE-2019-6700

Weakness Enumeration

Related Identifiers

Affected Products

References · 5