CVSS: 9.9EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40714
https://notcve.org/view.php?id=CVE-2023-40714
02 Apr 2025 — A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements • https://fortiguard.com/psirt/FG-IR-23-085 • CWE-23: Relative Path Traversal •
CVSS: 4.7EPSS: 0%CPEs: 12EXPL: 0CVE-2024-55592
https://notcve.org/view.php?id=CVE-2024-55592
11 Mar 2025 — An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-377 • CWE-863: Incorrect Authorization •
CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0CVE-2023-40723
https://notcve.org/view.php?id=CVE-2023-40723
11 Mar 2025 — An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 allows attacker to execute unauthorized code or commands via api request. • https://fortiguard.com/psirt/FG-IR-23-117 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2024-46667
https://notcve.org/view.php?id=CVE-2024-46667
14 Jan 2025 — A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections. • https://fortiguard.fortinet.com/psirt/FG-IR-24-164 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-52969
https://notcve.org/view.php?id=CVE-2024-52969
14 Jan 2025 — An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-417 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 89%CPEs: 7EXPL: 2CVE-2024-23108
https://notcve.org/view.php?id=CVE-2024-23108
05 Feb 2024 — An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet F... • https://github.com/hitem/CVE-2024-23108 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 5%CPEs: 7EXPL: 0CVE-2024-23109
https://notcve.org/view.php?id=CVE-2024-23109
05 Feb 2024 — An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet F... • https://fortiguard.com/psirt/FG-IR-23-130 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 3.3EPSS: 0%CPEs: 22EXPL: 0CVE-2023-45585
https://notcve.org/view.php?id=CVE-2023-45585
14 Nov 2023 — An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage. Una inserción de informac... • https://fortiguard.com/psirt/FG-IR-23-392 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 10.0EPSS: 76%CPEs: 8EXPL: 2CVE-2023-34992
https://notcve.org/view.php?id=CVE-2023-34992
10 Oct 2023 — A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet FortiSIEM versión 7.0.0 y 6.7.0 a 6.7.5 y 6.... • https://github.com/horizon3ai/CVE-2023-34992 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 15EXPL: 0CVE-2023-26204
https://notcve.org/view.php?id=CVE-2023-26204
13 Jun 2023 — A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI. A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions,... • https://fortiguard.com/psirt/FG-IR-21-141 • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •