🔧 Security Enhancements
Summary
The enhancements are intended to bolster our system's overall security posture and
defend against potential threats.
Affected Version
Solution
Vulnerability Details
> ZDI-CAN-25025 > Logsign Unified SecOps Platform Directory Traversal
Arbitrary File Deletion Vulnerability
> ZDI-CAN-25026: Logsign Unified SecOps Platform Directory data_export_delete_all
Traversal Arbitrary File Deletion Vulnerability
> ZDI-CAN-25027: Logsign Unified SecOps Platform Directory Traversal Information
Disclosure Vulnerability
> ZDI-CAN-25028: Logsign Unified SecOps Platform Directory Traversal
Arbitrary Directory Deletion Vulnerability
> ZDI-CAN-25029: Logsign Unified SecOps Platform Incorrect Authorization
Authentication Bypass Vulnerability
Mitigating Factors
Customers are advised to ensure they always have the latest version of the program.
Acknowledgement
Logsign would like to thank Abdessamad Lahlali and Smile Thanapattheerakul from
Trend Micro Zero Day Initiative for responsibly disclosing this issue.