CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2024-46667
https://notcve.org/view.php?id=CVE-2024-46667
14 Jan 2025 — A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections. • https://fortiguard.fortinet.com/psirt/FG-IR-24-164 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-52969
https://notcve.org/view.php?id=CVE-2024-52969
14 Jan 2025 — An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-417 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 2CVE-2024-23108
https://notcve.org/view.php?id=CVE-2024-23108
05 Feb 2024 — An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet F... • https://github.com/hitem/CVE-2024-23108 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-23109
https://notcve.org/view.php?id=CVE-2024-23109
05 Feb 2024 — An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet F... • https://fortiguard.com/psirt/FG-IR-23-130 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 3.3EPSS: 0%CPEs: 22EXPL: 0CVE-2023-45585
https://notcve.org/view.php?id=CVE-2023-45585
14 Nov 2023 — An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage. Una inserción de informac... • https://fortiguard.com/psirt/FG-IR-23-392 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 2CVE-2023-34992
https://notcve.org/view.php?id=CVE-2023-34992
10 Oct 2023 — A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet FortiSIEM versión 7.0.0 y 6.7.0 a 6.7.5 y 6.... • https://github.com/horizon3ai/CVE-2023-34992 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2023-26204
https://notcve.org/view.php?id=CVE-2023-26204
13 Jun 2023 — A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI. A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions,... • https://fortiguard.com/psirt/FG-IR-21-141 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2022-43949
https://notcve.org/view.php?id=CVE-2022-43949
13 Jun 2023 — A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods. • https://fortiguard.com/psirt/FG-IR-22-259 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.0EPSS: 0%CPEs: 25EXPL: 0CVE-2022-42478
https://notcve.org/view.php?id=CVE-2022-42478
13 Jun 2023 — An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints. • https://fortiguard.com/psirt/FG-IR-22-258 • CWE-307: Improper Restriction of Excessive Authentication Attempts •