Filtered by vendor Fortinet
Subscriptions
Filtered by product Fortisiem
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-6700 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 6.5 Medium |
| An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. | ||||
| CVE-2019-17653 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. | ||||
| CVE-2019-17651 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 5.4 Medium |
| An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule. | ||||
| CVE-2019-16153 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 9.8 Critical |
| A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. | ||||
| CVE-2018-13378 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | N/A |
| An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code. | ||||