CVE-2024-27782
https://notcve.org/view.php?id=CVE-2024-27782
Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-069 • CWE-613: Insufficient Session Expiration •
CVE-2024-27784
https://notcve.org/view.php?id=CVE-2024-27784
Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in FortiAIOps version 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files. • https://fortiguard.fortinet.com/psirt/FG-IR-24-072 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2024-27785
https://notcve.org/view.php?id=CVE-2024-27785
An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports. • https://fortiguard.fortinet.com/psirt/FG-IR-24-073 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVE-2024-27783
https://notcve.org/view.php?id=CVE-2024-27783
Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-070 • CWE-352: Cross-Site Request Forgery (CSRF) •