Glassfish local credentials stored in plain text
Summary
An improper authentification vulnerability [CWE-287] in FortiSIEM may allow a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password.
Affected Products
At least
FortiSIEM 6.4 all versions
FortiSIEM 6.3 all versions
FortiSIEM 6.2 all versions
FortiSIEM 6.1 all versions
FortiSIEM 5.4 all versions
FortiSIEM 5.3 all versions
FortiSIEM 5.2 all versions
FortiSIEM 5.1 all versions
FortiSIEM 5.0 all versions
Solutions
Please upgrade to FortiSIEM version 6.5.0 or above