CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows an attacker to disclose information via a crafted HTTP request. • https://fortiguard.com/psirt/FG-IR-23-126 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 • EPSS: 0% • CPEs: 15 • EXPL: 0

A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI. • https://fortiguard.com/psirt/FG-IR-21-141 • CWE-256: Plaintext Storage of a Password • CWE-522: Insufficiently Protected Credentials

CVSS: 7.5 • EPSS: 0% • CPEs: 16 • EXPL: 0

A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints by taking advantage of outdated hashing methods. • https://fortiguard.com/psirt/FG-IR-22-259 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm

CVSS: 8.8 • EPSS: 0% • CPEs: 25 • EXPL: 0

An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to perform brute force attacks on these endpoints. • https://fortiguard.com/psirt/FG-IR-22-258 • CWE-307: Improper Restriction of Excessive Authentication Attempts