<h5>Addressing vulnerabilities to ensure the highest security standards</h5> <p>Logpoint engages with industry experts and customers to create innovative products that solve the challenges of today’s security teams, all backed by a support team dedicated to your success. </p> <h5>Secure by design with EAL3+ certification</h5> <p>LogPoint has Common Criteria EAL Level 3+ certification. Common Criteria certification confirms that rigorous security standards are met at one of the highest levels possible from development to implementation.</p> <p>EAL3+ certification ensures LogPoint protects data to help your organization meet GDPR compliance. </p> <h5>Rigorous security assessment through penetration testing</h5> <p>Logpoint proactively and consistently ensures that our platform is genuinely effective against any potential vulnerabilities.</p> <h5>Detection response process </h5> <p>When Logpoint or one of our customers discovers a vulnerability, we initiate our security triage. The vulnerability is assessed for its impact and critical level. After assessment, we remediate it. We communicate our findings and how we will solve the vulnerability according to our disclosure policy. Once we fix the vulnerability it becomes part of the upcoming Logpoint release.</p> <h5>Vulnerability discovery</h5> <p>If you discover what you think is a vulnerability, we want to hear from you. <a href="https://servicedesk.logpoint.com/hc/en-us/requests/new" target="_blank">Create a support ticket</a> or email us at lpsec@logpoint.com.</p> <p> </p> <h5>Security announcements</h5> <div class="my-activities-items" id="request-table"> <div class="my-activities-items__head"> <div class="my-activities-items__row"> <div class="my-activities-items__col">Date Published</div> <div class="my-activities-items__col">Title</div> </div> </div> <div class="my-activities-items__body"> <div class="my-activities-items__row my-activities-item"> <div class="my-activities-items__col"> <span id="date-published-t1">2024-10-04</span> </div> <div class="my-activities-items__col"> <a class="my-activities-item__title" id="title-t1" href="https://servicedesk.logpoint.com/hc/en-us/articles/22031522959773-Logpoint-response-to-latest-vulnerabilities" > Logpoint response to latest vulnerabilities </a> </div> </div> </div> <div class="my-activities-items__body"> <div class="my-activities-items__row my-activities-item"> <div class="my-activities-items__col"> <span id="date-published-t1">2024-04-03</span> </div> <div class="my-activities-items__col"> <a class="my-activities-item__title" id="title-t1" href="https://servicedesk.logpoint.com/hc/en-us/articles/17955781082781-Logpoint-response-on-CVE-2024-3094" > Logpoint response on CVE-2024-3094 </a> </div> </div> </div> <div class="my-activities-items__body"> <div class="my-activities-items__row my-activities-item"> <div class="my-activities-items__col"> <span id="date-published-t1">2025-02-04</span> </div> <div class="my-activities-items__col"> <a class="my-activities-item__title" id="title-t1" href="https://servicedesk.logpoint.com/hc/en-us/articles/24913631512989-AgentX-Security-Updates" > AgentX Security Updates </a> </div> </div> </div> <!-- Add entries above this for updating security page. --> </div> <h5 style="margin-bottom: -3rem">Logpoint advisories</h5>
Advisory ID: LVD-2024-016
CVSSv 4.0 Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
CVSSv 4.0 Base Score: 6.9
Severity: Medium
CVE: CVE-2025-26789
CWE: CWE-1336
Date Published: 2025-01-28
Description:
A vulnerability caused by limited access controls allowed li-admin users to access sensitive information about AgentX Manager in Logpoint deployment.
Affected Product:
AgentX Versions before v1.5.0
Solution:
Upgrade to AgentX v1.5.0
Advisory ID: LVD-2024-016
CVSSv 4.0 Vector: AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L
CVSSv 4.0 Base Score: 5.9
Severity: Medium
CVE: CVE-2024-56087
CWE: CWE-1336
Date Published: 2024-10-15
Description:
Authenticated users can inject payloads while querying the Search Template Dashboard, which gets executed, leading to Server-Side Template Injection.
Affected Product:
Logpoint versions prior to 7.5.0.
Solution:
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Advisory ID: LVD-2024-015
CVSSv 4.0 Vector: AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L
CVSSv 4.0 Base Score: 5.9
Severity: Medium
CVE: CVE-2024-56085
CWE: CWE-1336
Date Published: 2024-10-15
Description:
Authenticated users can inject payloads while creating a Search Template Dashboard, which gets executed, leading to Server-Side Template Injection.
Affected Product:
Logpoint versions prior to 7.5.0.
Solution:
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Advisory ID: LVD-2024-014
CVSSv 4.0 Vector: AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CVSSv 4.0 Base Score: 7.5
Severity: High
CVE: CVE-2024-56084
CWE: CWE-77
Date Published: 2024-10-15
Description:
Authenticated users can inject payloads while creating Universal Normalizer, which gets executed leading to Remote Code Execution.
Affected Product:
Universal Normalizer v5.6.0.
Solution:
Upgrade to Universal Normalizer v5.7.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Advisory ID: LVD-2024-013
CVSSv 4.0 Vector: AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CVSSv 4.0 Base Score: 7.5
Severity: High
CWE: CWE-77
Date Published: 2024-10-15
Description:
Authenticated users can inject malicious payloads in the Report Templates, which are executed when the backup process is initiated. This leads to Remote Code Execution.
Affected Product:
Logpoint versions prior to 7.5.0.
Solution:
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Advisory ID: LVD-2024-012
CVSSv 4.0 Vector: AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L
CVSSv 4.0 Base Score: 6.1
Severity: Medium
CVE: CVE-2024-48952
CWE: CWE-288
Date Published: 2024-10-02
Description:
SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints.
Affected Product:
Logpoint versions prior to 7.5.0.
Solution:
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Advisory ID: LVD-2024-011
CVSSv 4.0 Vector: AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CVSSv 4.0 Base Score: 7.7
Severity: High
CVE: CVE-2024-48951
Date Published: 2024-10-02
Description:
Server-Side Request Forgery (SSRF) can be used to leak Logpoint's API Token leading to authentication bypass.
Affected Product:
Logpoint versions prior to 7.5.0.
Solution:
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Advisory ID: LVD-2024-010
CVSSv 4.0 Vector: AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CVSSv 4.0 Base Score: 7.7
Severity: High
CVE: CVE-2024-48953
CWE: CWE-288
Date Published: 2024-10-02
Description:
Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users to register their own authentication plugins in Logpoint, resulting in unauthorized access.
Affected Product:
Logpoint versions prior to 7.5.0.
Solution:
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Advisory ID: LVD-2024-009
CVSSv 4.0 Vector: AV:A/AC:H/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L
CVSSv 4.0 Base Score: 6.1
Severity: High
CVE: CVE-2024-48954
CWE: CWE-78
Date Published: 2024-10-02
Description:
Unvalidated input during the EventHub Collector setup by an authenticated user leads to Remote Code execution.
Affected Product:
Logpoint versions prior to 7.5.0.
Solution:
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Advisory ID: LVD-2024-008
CVSSv 4.0 Vector: AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
CVSSv 4.0 Base Score: 7.7
Severity: High
CVE: CVE-2024-48950
CWE: CWE-288
Date Published: 2024-10-02
Description:
An endpoint used in Distributed Logpoint setup was exposed which allowed, attackers to bypass CSRF protections and authentication.
Affected Product:
Logpoint versions prior to 7.5.0.
Solution:
Upgrade to Logpoint v7.5.0.
Acknowledgments:
Mehmet D. Ince
Sr. Vulnerability Researcher
Advisory ID: LVD-2024-007
CVSSv 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVSSv 3.1 Base Score: 9.1
Severity: Critical
CVE: CVE-2024-36383
CWE: CWE-73
Date Published: 2024-05-27
Description:
The state parameter in the SAML SSO-URL response could be injected, causing arbitrary file deletion. Due to this, sometimes users could not log in using SAML Authentication.
Affected Product:
SAML Authentication v6.0.2
Solution:
Upgrade to SAML Authentication v6.0.3
Acknowledgments: -
Advisory ID: LVD-2024-0005
CVSSv 3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSSv 3.1 Base Score: 6.5
Severity: Medium
CVE: CVE-2024-33860
CWE: CWE-73
Date Published: 2024-04-30
Description:
Logpoint before v7.4.0 is vulnerable to Local File Inclusion (LFI) attacks when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.
Affected Product:
Logpoint versions before 7.4.0
Solution:
Upgrade to Logpoint v7.4.0
Acknowledgments: -
Advisory ID: LVD-2024-0004
CVSSv 3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVSSv 3.1 Base Score: 5.4
Severity: Medium
CVE: CVE-2024-33859
CWE: CWE-79
Date Published: 2024-04-30
Description:
HTML code sent through logs wasn't being escaped in the Interesting Field in the UI, leading to XSS attack.
Affected Product:
Logpoint versions before 7.4.0
Solution:
Upgrade to Logpoint v7.4.0
Acknowledgments:
Jan Henrik Reimers
Hamburger Energiewerke
Advisory ID: LVD-2024-0006
CVSSv 3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSSv 3.1 Base Score: 4.3
Severity: Medium
CVE: CVE-2024-33858
CWE: CWE-73
Date Published: 2024-04-30
Description:
A path injection vulnerability is seen while adding a CSV enrichment source. The source_name parameter could be changed to an absolute path; this will write the CSV file to that path inside the /tmp directory.
Affected Product:
Logpoint versions before 7.4.0
Solution:
Upgrade to Logpoint v7.4.0
Acknowledgments: -
Advisory ID: LVD-2024-0003
CVSSv 3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
CVSSv 3.1 Base Score: 9.6
Severity: Critical
CVE: CVE-2024-33857
CWE: CWE-918
Date Published: 2024-04-30
Description:
Due to a lack of input validation on URLs in Threat Intelligence, an attacker with low-level access to the system can trigger Server Side Request Forgery.
Affected Product:
Logpoint versions before 7.4.0
Solution:
Upgrade to Logpoint v7.4.0
Acknowledgments: -
Advisory ID: LVD-2024-0002
CVSSv 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSSv 3.1 Base Score: 5.3
Severity: Medium
CVE: CVE-2024-33856
CWE: CWE-204
Date Published: 2024-04-30
Description:
An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint.
Affected Product:
Logpoint versions before 7.4.0
Solution:
Upgrade to Logpoint v7.4.0
Acknowledgments: -
Advisory ID: LVD-2024-0001
CVSSv 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSSv 3.1 Base Score: 4.3
Severity: Medium
CVE: CVE-2024-30176
Date Published: 2024-04-25
Description:
In Logpoint versions before 7.4.0, attackers could enumerate a valid list of usernames using publicly exposed URLs of shared widgets.
Affected Product:
Logpoint versions before 7.4.0
Solution:
Upgrade to Logpoint v7.4.0
Acknowledgments:
Hannes Fleisch
Advisory ID: LVD-2022-0002
CVSSv 3.1 Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C
CVSSv 3.1 Base Score: 8.4
Severity: High
CVE: CVE-2022-48684
Date Published: 2022-09-28
Last Updated: 2022-10-12
Description
Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to gain code execution. Any user with the access to create a search template can use this vulnerability to execute code in the system as loginspect user.
Affected Product
Logpoint versions 7.1.0 and earlier.
Solution
Upgrade to Logpoint version 7.1.1.
Acknowledgments
Timo Fahlenbock, IT Manager for StrikoWestofen GmbH in Norican Group (DISA)
Advisory ID: LVD-2022-0003
CVSSv 3.1 Vector: AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H/E:H/RL:U/RC:C
CVSSv 3.1 Base Score: 7.2
Severity: High
CVE: CVE-2022-48685
CWE: CWE-732
Date Published: 2022-11-30
Last Updated: 2022-12-02
Description
The daily executed Cronjob-File clean_secbi_old_logs in Logpoint 7.1 Installation is writable for all users. The Cron is executed as root; any user can use this to execute any command in the system as root.
Affected Product
Logpoint v7.0.0 to v7.1.1
Solution
Upgrade Logpoint to v7.1.2
Acknowledgments
Timo Fahlenbock, IT Manager for StrikoWestofen GmbH in Norican Group (DISA)
Advisory ID: LVD-2023-0001
CVSSv 3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CVSSv 3.1 Base Score: 5.4
Severity: Medium
CVE: CVE-2023-49950
Date Published: 2023-10-12
Description
Crafted XSS payloads could be sent through logs. Alerts configured with such logs when rendered through a custom Jinja template caused XSS injection.
A successful exploit could allow attackers to steal sensitive information.
Affected Product
Logpoint v6.10.0 to v7.2.4
Solution
Upgrade to Logpoint v7.3.0 or later
Acknowledgments
Ash Scott, Security Researcher, Shrike InfoSec
Advisory ID: LVD-2022-0001
CVSSv 3.1 Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
CVSSv 3.1 Base Score: 4.8
Severity: Medium
CVE: CVE-2024-29865
CWE: CWE-79
Date Published: 2024-03-22
Description:
Self Cross-site scripting (Self-XSS) was seen on the LDAP authentication page because the username field on the LDAP login form was not sanitized.
Affected Product:
Logpoint v7.0.1 and earlier
Solution:
Upgrade to Logpoint v7.1.0
Acknowledgments:
Marcus Nilsson and Christian Rellmann from USD.