Note: This project will be discontinued after December 13, 2021.
Product: Fortisiem (Fortinet)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 18 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-11-02 | CVE-2022-26119 | An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. | Fortisiem | 7.8 | ||
2021-11-02 | CVE-2021-41023 | An unprotected storage of credentials vulnerability in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclose the agent password due to plaintext credential storage in log files. | Fortisiem | 5.5 | ||
2021-11-02 | CVE-2021-41022 | An improper privilege management vulnerability in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an attacker to execute privileged code or commands via PowerShell scripts. | Fortisiem | 7.8 | ||
2020-01-07 | CVE-2019-6700 | An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. | Fortisiem | 6.5 | ||
2020-03-12 | CVE-2019-17653 | A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. | Fortisiem | N/A | ||
2020-01-28 | CVE-2019-17651 | An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule. | Fortisiem | N/A | ||
2020-01-23 | CVE-2019-16153 | A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. | Fortisiem | N/A | ||
2019-04-17 | CVE-2018-13378 | An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code. | Fortisiem | 7.2 |