Impact
A logic flaw in Guardsix (formerly Logpoint) ODBC Enrichment Plugins allowed stored database credentials to be reused after the target Host, IP address, or Port was modified. When an authenticated Operator edited an existing Enrichment Source, previously stored credentials were retained even though the connection endpoint changed, enabling the Operator to redirect the database connection to unintended internal systems. This flaw facilitates Server‑Side Request Forgery and can lead to misuse of valid stored credentials against internal services.
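The following added example (not Guardsix code) models the credential-retention flaw described above next to a hardened update routine that ties the stored secret to the endpoint it was entered for. The `EnrichmentSource` model, the function names, and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Hypothetical model of a stored enrichment source; field names are
# assumptions for illustration, not the plugin's real schema.
@dataclass(frozen=True)
class EnrichmentSource:
    name: str
    host: str
    port: int
    username: str
    secret: Optional[str]  # stored credential (would be encrypted at rest)

class CredentialRequired(Exception):
    """Raised when an endpoint change arrives without fresh credentials."""

def _endpoint(src):
    # Normalise so "DB01.corp." and "db01.corp" compare equal.
    return (src.host.strip().rstrip(".").lower(), int(src.port))

def update_vulnerable(stored, host, port, new_secret=None):
    # Flawed pattern from the advisory: a blank password field means
    # "keep the stored one", regardless of where the connection now points.
    return replace(stored, host=host, port=port,
                   secret=new_secret if new_secret else stored.secret)

def update_hardened(stored, host, port, new_secret=None):
    # Bind the stored secret to the endpoint it was entered for: if host
    # or port changes, the caller must supply the credential again.
    candidate = replace(stored, host=host, port=port)
    if _endpoint(candidate) != _endpoint(stored) and not new_secret:
        raise CredentialRequired(
            f"endpoint of {stored.name!r} changed; re-enter credentials")
    return replace(candidate, secret=new_secret if new_secret else stored.secret)

# Constructed sample data (not taken from any real deployment).
SAMPLE = EnrichmentSource("assets-db", "db01.corp.example", 5432,
                          "enrich_ro", "s3cr3t")

def demo():
    leaked = update_vulnerable(SAMPLE, "10.0.0.99", 5432)
    try:
        update_hardened(SAMPLE, "10.0.0.99", 5432)
        blocked = False
    except CredentialRequired:
        blocked = True
    same_endpoint = update_hardened(SAMPLE, "DB01.corp.example.", 5432)
    return leaked.secret, blocked, same_endpoint.secret

if __name__ == "__main__":
    print(demo())
```

The comparison is on the configured host and port only; a hostname whose DNS record later points elsewhere is outside what this check covers.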
Affected Systems
Guardsix ODBC Enrichment Plugins versions prior to 5.2.1 are vulnerable. Guardsix 7.9.0.0 uses plugin version 5.2.1, which includes the fix, so systems running that release are not affected.
Risk and Exploitability
The vulnerability requires an authenticated Operator and leverages the web interface to modify an Enrichment Source. Exploitation would allow the attacker to reach protected internal network hosts and use valid credentials, potentially leading to data exfiltration or lateral movement. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, but the lack of a publicly known exploit does not eliminate the risk. The CVSS score of 8.5 indicates a high severity, underscoring the potential for significant internal compromise when the Operator has sufficient permissions.