CVE-2021-41023

MEDIUM

Fortinet FortiSIEM <4.1.4 - Info Disclosure

Title source: llm

Description

A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files

References (1)

[Vendor Advisory] https://fortiguard.com/advisory/FG-IR-21-175

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 15.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

fortinet/fortisiem < 4.1.4

Timeline

Published Nov 02, 2021

Tracked Since Feb 18, 2026