CVSS: 2.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27780
https://notcve.org/view.php?id=CVE-2024-27780
11 Feb 2025 — Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests. Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow ... • https://fortiguard.fortinet.com/psirt/FG-IR-23-324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2024-46667
https://notcve.org/view.php?id=CVE-2024-46667
14 Jan 2025 — A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections. • https://fortiguard.fortinet.com/psirt/FG-IR-24-164 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-52969
https://notcve.org/view.php?id=CVE-2024-52969
14 Jan 2025 — An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-417 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 2CVE-2024-23108
https://notcve.org/view.php?id=CVE-2024-23108
05 Feb 2024 — An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet F... • https://github.com/hitem/CVE-2024-23108 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-23109
https://notcve.org/view.php?id=CVE-2024-23109
05 Feb 2024 — An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet F... • https://fortiguard.com/psirt/FG-IR-23-130 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 3.3EPSS: 0%CPEs: 22EXPL: 0CVE-2023-45585
https://notcve.org/view.php?id=CVE-2023-45585
14 Nov 2023 — An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage. Una inserción de informac... • https://fortiguard.com/psirt/FG-IR-23-392 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-41676
https://notcve.org/view.php?id=CVE-2023-41676
14 Nov 2023 — An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs. Una exposición de información confidencial a un actor no autorizado [CWE-200] en FortiSIEM versión 7.0.0 y anteriores a 6.7.5 puede permitir que un atacante con acceso a los registros del agente de Windows obtenga la contraseña del agente de Windows mediante la búsqueda ... • https://fortiguard.com/psirt/FG-IR-23-290 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-522: Insufficiently Protected Credentials •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 2CVE-2023-34992
https://notcve.org/view.php?id=CVE-2023-34992
10 Oct 2023 — A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet FortiSIEM versión 7.0.0 y 6.7.0 a 6.7.5 y 6.... • https://github.com/horizon3ai/CVE-2023-34992 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36551
https://notcve.org/view.php?id=CVE-2023-36551
13 Sep 2023 — A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a crafted http request. La exposición de información sensible a un actor no autorizado en Fortinet FortiSIEM versión 6.7.0 a 6.7.5 permite al atacante revelar información a través de una solicitud http manipulada. • https://fortiguard.com/psirt/FG-IR-23-126 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2023-26204
https://notcve.org/view.php?id=CVE-2023-26204
13 Jun 2023 — A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI. A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions,... • https://fortiguard.com/psirt/FG-IR-21-141 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •