CVSS: 2.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27780
https://notcve.org/view.php?id=CVE-2024-27780
11 Feb 2025 — Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests. Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow ... • https://fortiguard.fortinet.com/psirt/FG-IR-23-324 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2024-46667
https://notcve.org/view.php?id=CVE-2024-46667
14 Jan 2025 — A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections. • https://fortiguard.fortinet.com/psirt/FG-IR-24-164 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-52969
https://notcve.org/view.php?id=CVE-2024-52969
14 Jan 2025 — An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-417 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 2CVE-2024-23108
https://notcve.org/view.php?id=CVE-2024-23108
05 Feb 2024 — An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet F... • https://github.com/hitem/CVE-2024-23108 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-23109
https://notcve.org/view.php?id=CVE-2024-23109
05 Feb 2024 — An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via via crafted API requests. Una neutralización inadecuada de elementos especiales utilizados en un comando del sistema operativo ('inyección de comando del sistema operativo') en Fortinet F... • https://fortiguard.com/psirt/FG-IR-23-130 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •