CVE-2023-36551: Infoleak
First published: Wed Sep 13 2023(Updated: )
A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a crafted http request.
Credit: psirt@fortinet.com psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiSIEM | >=6.7.0<6.7.6 |
Remedy
Please upgrade to FortiSIEM version 7.0.0 or above Please upgrade to FortiSIEM version 6.7.6 or above Please upgrade to FortiSIEM version 6.6.0 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for the exposure of sensitive information in Fortinet FortiSIEM?
The vulnerability ID for the exposure of sensitive information in Fortinet FortiSIEM is CVE-2023-36551.
What is the severity of CVE-2023-36551?
CVE-2023-36551 has a severity of 5.3 (medium).
Which version of Fortinet FortiSIEM is affected by CVE-2023-36551?
Fortinet FortiSIEM version 6.7.0 through 6.7.5 is affected by CVE-2023-36551.
How can an attacker exploit CVE-2023-36551?
An attacker can exploit CVE-2023-36551 by sending a crafted HTTP request to the vulnerable Fortinet FortiSIEM software.
Is there a fix available for CVE-2023-36551?
Yes, a fix for CVE-2023-36551 is available. It is recommended to update Fortinet FortiSIEM to version 6.7.6 or above.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/event
- agent/description
- agent/tags
- agent/first-publish-date
- vendor/fortinet
- canonical/fortinet fortisiem
- version/fortinet fortisiem/6.7.0