CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2023-26204
https://notcve.org/view.php?id=CVE-2023-26204
13 Jun 2023 — A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI. A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions,... • https://fortiguard.com/psirt/FG-IR-21-141 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-43949
https://notcve.org/view.php?id=CVE-2022-43949
13 Jun 2023 — A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods. • https://fortiguard.com/psirt/FG-IR-22-259 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.0EPSS: 0%CPEs: 25EXPL: 0CVE-2022-42478
https://notcve.org/view.php?id=CVE-2022-42478
13 Jun 2023 — An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints. • https://fortiguard.com/psirt/FG-IR-22-258 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-26119
https://notcve.org/view.php?id=CVE-2022-26119
02 Nov 2022 — A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. Una vulnerabilidad de autenticación incorrecta en Fortinet FortiSIEM anterior a 6.5.0 permite a un atacante local con acceso CLI realizar operaciones en el servidor Glassfish directamente a través de una contraseña codificada. • https://fortiguard.com/psirt/FG-IR-22-064 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41023
https://notcve.org/view.php?id=CVE-2021-41023
02 Nov 2021 — A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files Un almacenamiento desprotegido de credenciales en Fortinet FortiSIEM Windows Agent versión 4.1.4 y por debajo, permite a un usuario autenticado revelar la contraseña del agente debido al almacenamiento de credenciales en texto plano en los archivos de registro • https://fortiguard.com/advisory/FG-IR-21-175 • CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41022
https://notcve.org/view.php?id=CVE-2021-41022
02 Nov 2021 — A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts Una administración inapropiada de privilegios en Fortinet FortiSIEM Windows Agent versión 4.1.4 y por debajo, permite a un atacante ejecutar código o comandos privilegiados por medio de scripts powershell • https://fortiguard.com/advisory/FG-IR-21-176 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-9292
https://notcve.org/view.php?id=CVE-2020-9292
04 Jun 2020 — An unquoted service path vulnerability in the FortiSIEM Windows Agent component may allow an attacker to gain elevated privileges via the AoWinAgt executable service path. Una vulnerabilidad de la ruta de servicio sin comillas en el componente FortiSIEM Windows Agent puede permitir a un atacante alcanzar privilegios elevados por medio de la ruta de servicio del ejecutable AoWinAgt • https://fortiguard.com/advisory/FG-IR-20-021 • CWE-428: Unquoted Search Path or Element •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17653
https://notcve.org/view.php?id=CVE-2019-17653
12 Mar 2020 — A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en la interfaz de usuario de Fortinet FortiSIEM versión 5.2.5, podría permitir a un atacante no autenticado remoto llevar a cabo acciones arbitrarias usando una sesión de usuario auten... • https://fortiguard.com/psirt/%20FG-IR-19-240 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-17651
https://notcve.org/view.php?id=CVE-2019-17651
28 Jan 2020 — An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule. Una vulnerabilidad de Neutralización Inadecuada de Entrada en los parámetros description y title de un Programa de Mantenimiento de Dispositivo en FortiSIEM... • https://fortiguard.com/psirt/FG-IR-19-197 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16153
https://notcve.org/view.php?id=CVE-2019-16153
23 Jan 2020 — A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. Una vulnerabilidad de contraseña embebida en el componente base de datos de Fortinet FortiSIEM versión 5.2.5 y por debajo, puede permitir a atacantes acceder a la base de datos del dispositivo mediante el uso de credenciales estáticas. • https://fortiguard.com/advisory/FG-IR-19-195 • CWE-798: Use of Hard-coded Credentials •