Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26119 | 1 Fortinet | 1 Fortisiem | 2022-11-03 | N/A | 7.8 HIGH |
| A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. | |||||
| CVE-2021-41023 | 2 Fortinet, Microsoft | 2 Fortisiem, Windows | 2022-05-03 | 2.1 LOW | 5.5 MEDIUM |
| A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files | |||||
| CVE-2021-41022 | 2 Fortinet, Microsoft | 2 Fortisiem, Windows | 2021-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts | |||||
| CVE-2019-6700 | 1 Fortinet | 1 Fortisiem | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. | |||||
| CVE-2019-17653 | 1 Fortinet | 1 Fortisiem | 2020-03-18 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. | |||||
| CVE-2019-17651 | 1 Fortinet | 1 Fortisiem | 2020-01-29 | 3.5 LOW | 5.4 MEDIUM |
| An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule. | |||||
| CVE-2019-16153 | 1 Fortinet | 1 Fortisiem | 2020-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. | |||||
| CVE-2018-13378 | 1 Fortinet | 1 Fortisiem | 2019-04-17 | 4.0 MEDIUM | 7.2 HIGH |
| An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code. | |||||