CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 2CVE-2023-34992
https://notcve.org/view.php?id=CVE-2023-34992
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet FortiSIEM versión 7.0.0 y 6.7.0 a 6.7.5 y 6.6.0 a 6.6.3 y 6.5.0 a 6.5.1 y Las versiones 6.4.0 a 6.4.2 permiten al atacante ejecutar código o comandos no autorizados a través de solicitudes API manipuladas. • https://github.com/horizon3ai/CVE-2023-34992 https://github.com/d0rb/CVE-2023-34992-Checker https://fortiguard.com/psirt/FG-IR-23-130 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36551
https://notcve.org/view.php?id=CVE-2023-36551
A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a crafted http request. La exposición de información sensible a un actor no autorizado en Fortinet FortiSIEM versión 6.7.0 a 6.7.5 permite al atacante revelar información a través de una solicitud http manipulada. • https://fortiguard.com/psirt/FG-IR-23-126 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 15EXPL: 0CVE-2023-26204
https://notcve.org/view.php?id=CVE-2023-26204
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI. • https://fortiguard.com/psirt/FG-IR-21-141 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-43949
https://notcve.org/view.php?id=CVE-2022-43949
A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods. • https://fortiguard.com/psirt/FG-IR-22-259 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 0%CPEs: 25EXPL: 0CVE-2022-42478
https://notcve.org/view.php?id=CVE-2022-42478
An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints. • https://fortiguard.com/psirt/FG-IR-22-258 • CWE-307: Improper Restriction of Excessive Authentication Attempts •