N/A

An issue was discovered in guardsix (formerly Logpoint) ODBC Enrichment Plugins before 5.2.1 (5.2.1 is used in guardsix 7.9.0.0). A logic flaw allowed stored database credentials to be reused after modification of the target Host, IP address, or Port. When editing an existing Enrichment Source, previously stored credentials were retained even if the connection endpoint was changed. An authenticated Operator user could redirect the database connection to unintended internal systems, resulting in SSRF and potential misuse of valid stored credentials.

N/A

N/A

guardsix ODBC Enrichment Plugins 代码问题漏洞

guardsix ODBC Enrichment Plugins是丹麦guardsix公司的一组数据扩展插件。 guardsix ODBC Enrichment Plugins 5.2.1之前版本存在代码问题漏洞，该漏洞源于逻辑缺陷，允许在修改目标主机、IP地址或端口后重用存储的数据库凭据，可能导致经过身份验证的操作员用户将数据库连接重定向到非预期的内部系统，造成服务端请求伪造和潜在凭据滥用。

N/A

N/A