Fortisiem Security Vulnerabilities and Issues — Fortisiem CVE List

Lucene search

FortinetFortisiem

8 matches found

CVE•added 2025/08/12 7:15 p.m.•107 views

CVE-2025-25256

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauth...

9.8CVSS8.1AI score0.24323EPSS

CVE•added 2025/04/02 8:15 a.m.•81 views

CVE-2023-40714

A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements

9.9CVSS7.3AI score0.00308EPSS

CVE•added 2025/03/17 2:15 p.m.•75 views

CVE-2019-17659

A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image.

8.1CVSS4.3AI score0.00107EPSS

CVE•added 2025/03/11 3:15 p.m.•67 views

CVE-2023-40723

An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 and 6.3.0 through 6.3.3 and 6.2.0 through 6.2.1 and 6.1.0 through 6.1.2 and 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5...

8.1CVSS7.2AI score0.00067EPSS

CVE•added 2025/02/11 5:15 p.m.•45 views

CVE-2024-27780

Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP reques...

5.4CVSS3.7AI score0.00022EPSS

CVE•added 2025/01/14 2:15 p.m.•39 views

CVE-2024-52969

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Updat...

6.5CVSS4.7AI score0.0008EPSS

CVE•added 2025/03/11 3:15 p.m.•39 views

CVE-2024-55592

An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authen...

3.8CVSS4.3AI score0.00019EPSS

CVE•added 2025/01/14 2:15 p.m.•37 views

CVE-2024-46667

A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections.

7.5CVSS7.5AI score0.00133EPSS