CVE-2019-6700: Sensitive Information Exposure in Fortinet FortiSIEM

Severity
6.5 MEDIUM (NVD)
EPSS
0.2%
top 53.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 7
Latest update: May 24

Description

An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: fortinet/fortisiem < 5.2.5
CVEListV5: fortinet/fortinet_fortisiem, FortiSIEM 5.2.2 and earlier

🔴 Vulnerability Details (2)

GHSA
GHSA-mv79-hh2r-jm7v: An information exposure vulnerability in the external authentication profile form of FortiSIEM 5 (2022-05-24)
CVEList
CVE-2019-6700: An information exposure vulnerability in the external authentication profile form of FortiSIEM 5 (2020-01-07)

📋 Vendor Advisories (1)

Fortinet
An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may all... (2020-01-07)
CVE-2019-6700 — Sensitive Information Exposure | cvebase