Vulnerabilities > Fortinet > Fortisiem > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-13 | CVE-2022-42478 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet FortiSIEM. An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints. | 8.8 |
2023-06-13 | CVE-2022-43949 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fortinet FortiSIEM. A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints by taking advantage of outdated hashing methods. | 7.5 |
2022-11-02 | CVE-2022-26119 | Use of Hard-coded Credentials vulnerability in Fortinet FortiSIEM. An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. | 7.8 |
2021-11-02 | CVE-2021-41022 | Improper Privilege Management vulnerability in Fortinet FortiSIEM. An improper privilege management vulnerability in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an attacker to execute privileged code or commands via PowerShell scripts. | 7.8 |
2020-03-12 | CVE-2019-17653 | Cross-Site Request Forgery (CSRF) vulnerability in Fortinet FortiSIEM 5.2.5. A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. | 8.8 |
2019-04-17 | CVE-2018-13378 | Information Exposure vulnerability in Fortinet FortiSIEM. An information disclosure vulnerability in Fortinet FortiSIEM versions 5.2.0 and below exposes the LDAP server plaintext password via the HTML source code. | 7.2 |