CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2023-36553
https://notcve.org/view.php?id=CVE-2023-36553
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows attacker to execute unauthorized code or commands via crafted API requests. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet FortiSIEM versión 5.4.0 y 5.3.0 a 5.3.3 y 5.2.5 a 5.2.8 y 5.2.1 a 5.2.2 y 5.1.0 a 5.1.3 y 5.0.0 a 5.0.1 y 4.10.0 y 4.9.0 y 4.7.2 permiten a un atacante ejecutar código o comandos no autorizados a través de solicitudes API manipuladas. • https://fortiguard.com/psirt/FG-IR-23-135 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 25EXPL: 0CVE-2022-42478
https://notcve.org/view.php?id=CVE-2022-42478
An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints. • https://fortiguard.com/psirt/FG-IR-22-258 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2022-26119
https://notcve.org/view.php?id=CVE-2022-26119
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. Una vulnerabilidad de autenticación incorrecta en Fortinet FortiSIEM anterior a 6.5.0 permite a un atacante local con acceso CLI realizar operaciones en el servidor Glassfish directamente a través de una contraseña codificada. • https://fortiguard.com/psirt/FG-IR-22-064 • CWE-798: Use of Hard-coded Credentials •