Advisory ID: LVD-2024-016
CVSS v4.0 Vector: AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L
CVSS v4.0 Base Score: 5.9
Severity: Medium
CVE: CVE Reserved
CWE: CWE-1336
Date Published: 2024-10-15
Description:
Authenticated users can inject payloads while querying the Search Template Dashboard, which gets executed, leading to Server-Side Template Injection.
Affected Product:
Logpoint versions prior to 7.5.0.
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Prodaft
Advisory ID: LVD-2024-015
CVSS v4.0 Vector: AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L
CVSS v4.0 Base Score: 5.9
Severity: Medium
CVE: CVE Reserved
CWE: CWE-1336
Date Published: 2024-10-15
Description:
Authenticated users can inject payloads while creating a Search Template Dashboard, which gets executed, leading to Server-Side Template Injection.
Affected Product:
Logpoint versions prior to 7.5.0.
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Prodaft
Advisory ID: LVD-2024-014
CVSS v4.0 Vector: AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CVSS v4.0 Base Score: 7.5
Severity: High
CVE: CVE Reserved
CWE: CWE-77
Date Published: 2024-10-15
Description:
Authenticated users can inject payloads while creating a Universal Normalizer, which get executed, leading to Remote Code Execution.
Affected Product:
Universal Normalizer v5.6.0.
Upgrade to Universal Normalizer v5.7.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Prodaft
Advisory ID: LVD-2024-013
CVSS v4.0 Vector: AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CVSS v4.0 Base Score: 7.5
Severity: High
CVE: CVE Reserved
CWE: CWE-77
Date Published: 2024-10-15
Description:
Authenticated users can inject malicious payloads in the Report Templates, which are executed when the backup process is initiated. This leads to Remote Code Execution.
Affected Product:
Logpoint versions prior to 7.5.0.
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Prodaft
Advisory ID: LVD-2024-012
CVSS v4.0 Vector: AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L
CVSS v4.0 Base Score: 6.1
Severity: Medium
CVE: CVE-2024-48952
CWE: CWE-288
Date Published: 2024-10-02
Description:
SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints.
Affected Product:
Logpoint versions prior to 7.5.0.
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Prodaft
Advisory ID: LVD-2024-011
CVSS v4.0 Vector: AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CVSS v4.0 Base Score: 7.7
Severity: High
CVE: CVE-2024-48951
CWE: CWE-918, CWE-288
Date Published: 2024-10-02
Description:
Server-Side Request Forgery (SSRF) can be used to leak Logpoint's API Token leading to authentication bypass.
Affected Product:
Logpoint versions prior to 7.5.0.
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Prodaft
Advisory ID: LVD-2024-010
CVSS v4.0 Vector: AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CVSS v4.0 Base Score: 7.7
Severity: High
CVE: CVE-2024-48953
CWE: CWE-288
Date Published: 2024-10-02
Description:
Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access.
Affected Product:
Logpoint versions prior to 7.5.0.
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Prodaft
Advisory ID: LVD-2024-009
CVSS v4.0 Vector: AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L
CVSS v4.0 Base Score: 6.1
Severity: High
CVE: CVE-2024-48954
CWE: CWE-78
Date Published: 2024-10-02
Description:
Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code Execution.
Affected Product:
Logpoint versions prior to 7.5.0.
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Prodaft
Advisory ID: LVD-2024-008
CVSS v4.0 Vector: AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CVSS v4.0 Base Score: 7.7
Severity: High
CVE: CVE-2024-48950
CWE: CWE-288
Date Published: 2024-10-02
Description:
An endpoint used in the Distributed Logpoint setup was exposed, which allowed attackers to bypass CSRF protections and authentication.
Affected Product:
Logpoint versions prior to 7.5.0.
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Prodaft
Advisory ID: LVD-2024-007
CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVSS v3.1 Base Score: 9.1
Severity: Critical
CVE: CVE-2024-36383
CWE: CWE-73
Date Published: 2024-05-27
Description:
The state parameter in the SAML SSO-URL response could be injected, causing arbitrary file deletion. Due to this, sometimes users could not log in using SAML Authentication.
Affected Product:
SAML Authentication v6.0.2
Upgrade to SAML Authentication v6.0.3
Acknowledgments: -
Advisory ID: LVD-2024-0005
CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v3.1 Base Score: 6.5
Severity: Medium
CVE: CVE-2024-33860
CWE: CWE-73
Date Published: 2024-04-30
Description:
Logpoint before v7.4.0 is vulnerable to Local File Inclusion (LFI) attacks when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.
Affected Product:
Logpoint versions before 7.4.0
Upgrade to Logpoint v7.4.0
Acknowledgments: -
Advisory ID: LVD-2024-0004
CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVSS v3.1 Base Score: 5.4
Severity: Medium
CVE: CVE-2024-33859
CWE: CWE-79
Date Published: 2024-04-30
Description:
HTML code sent through logs was not being escaped in the Interesting Field in the UI, leading to an XSS attack.
Affected Product:
Logpoint versions before 7.4.0
Upgrade to Logpoint v7.4.0
Acknowledgments:
Jan Henrik Reimers
Hamburger Energiewerke
Advisory ID: LVD-2024-0006
CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS v3.1 Base Score: 4.3
Severity: Medium
CVE: CVE-2024-33858
CWE: CWE-73
Date Published: 2024-04-30
Description:
A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path, causing the CSV file to be written to that path inside the /tmp directory.
Affected Product:
Logpoint versions before 7.4.0
Upgrade to Logpoint v7.4.0
Acknowledgments: -
Advisory ID: LVD-2024-0003
CVSS v3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
CVSS v3.1 Base Score: 9.6
Severity: Critical
CVE: CVE-2024-33857
CWE: CWE-918
Date Published: 2024-04-30
Description:
Due to a lack of input validation on URLs in Threat Intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery.
Affected Product:
Logpoint versions before 7.4.0
Upgrade to Logpoint v7.4.0
Acknowledgments: -
Advisory ID: LVD-2024-0002
CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v3.1 Base Score: 5.3
Severity: Medium
CVE: CVE-2024-33856
CWE: CWE-204
Date Published: 2024-04-30
Description:
An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint.
Affected Product:
Logpoint versions before 7.4.0
Upgrade to Logpoint v7.4.0
Acknowledgments: -
Advisory ID: LVD-2024-0001
CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS v3.1 Base Score: 4.3
Severity: Medium
CVE: CVE-2024-30176
CWE: CWE-200, CWE-204
Date Published: 2024-04-25
Description:
In Logpoint versions before 7.4.0, attackers could enumerate a valid list of usernames using publicly exposed URLs of shared widgets.
Affected Product:
Logpoint versions before 7.4.0
Upgrade to Logpoint v7.4.0
Acknowledgments:
Hannes Fleisch
Advisory ID: LVD-2022-0002
CVSS v3.1 Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C
CVSS v3.1 Base Score: 8.4
Severity: High
CVE: CVE-2022-48684
CWE: CWE-1336, CWE-78
Date Published: 2022-09-28
Last Updated: 2022-10-12
Description
Template injection was seen in the search template. The search template uses Jinja templating to generate dynamic data, and this could be abused to gain code execution. Any user with access to create a search template can use this vulnerability to execute code on the system as the loginspect user.
Upgrade to Logpoint version 7.1.1.
Acknowledgments
Timo Fahlenbock, IT Manager for StrikoWestofen GmbH in Norican Group (DISA)
Advisory ID: LVD-2022-0003
CVSS v3.1 Vector: AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C
CVSS v3.1 Base Score: 7.2
Severity: High
CVE: CVE-2022-48685
CWE: CWE-732
Date Published: 2022-11-30
Last Updated: 2022-12-02
Description
The daily executed cron job file clean_secbi_old_logs in the Logpoint 7.1 installation is writable by all users. The cron job is executed as root, so any user can use this to execute arbitrary commands on the system as root.
Affected Product
Logpoint v7.0.0 to v7.1.1
Upgrade Logpoint to v7.1.2
Acknowledgments
Timo Fahlenbock, IT Manager for StrikoWestofen GmbH in Norican Group (DISA)
Advisory ID: LVD-2023-0001
CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CVSS v3.1 Base Score: 5.4
Severity: Medium
CVE: CVE-2023-49950
CWE: CWE-79, CWE-20
Date Published: 2023-10-12
Description
Crafted XSS payloads could be sent through logs. Alerts configured with such logs caused XSS injection when rendered through a custom Jinja template.
A successful exploit could allow attackers to steal sensitive information.
Affected Product
Logpoint v6.10.0 to v7.2.4
Upgrade to Logpoint v7.3.0 or later
Acknowledgments
Ash Scott, Security Researcher, Shrike InfoSec
Advisory ID: LVD-2022-0001
CVSS v3.1 Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CVSS v3.1 Base Score: 4.8
Severity: Medium
CVE: CVE-2024-29865
CWE: CWE-79
Date Published: 2024-03-22
Description:
Self cross-site scripting (Self-XSS) was seen on the LDAP authentication page because the username field on the LDAP login form was not sanitized.
Affected Product:
Logpoint v7.0.1 and earlier
Upgrade to Logpoint v7.1.0
Acknowledgments:
Marcus Nilsson and Christian Rellmann from USD.