Fortinet Fortisiem

21 CVEs affecting Fortinet Fortisiem. Latest disclosed: 2026-03-10. Critical: 7, High: 2.

Top CVEs affecting Fortinet Fortisiem
CVESeverityScorePublishedSummary
CVE-2025-25256Critical9.82025-08-12An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 throug…
CVE-2023-40714Critical9.72025-04-02A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege vi…
CVE-2024-23108Critical9.72024-02-05An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorize…
CVE-2024-23109Critical9.72024-02-05An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorize…
CVE-2023-34992Critical9.72023-10-10A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to execute unauthorized…
CVE-2025-64155Critical9.42026-01-13An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 throug…
CVE-2023-36553Critical9.32023-11-14A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5…
CVE-2022-42478High8.12023-06-13An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoint…
CVE-2023-40723High7.72025-03-11An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1…
CVE-2024-46667Medium6.92025-01-14A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0…
CVE-2025-58324Medium6.12025-10-14An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7…
CVE-2022-43949Medium5.92023-06-13A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute forc…
CVE-2023-41676Medium4.22023-11-14An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windo…
CVE-2023-36551Medium4.22023-09-13A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a…
CVE-2026-25972Medium4.12026-03-10An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3…
CVE-2024-52969Low3.72025-01-14An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1…
CVE-2019-17659Low3.62025-03-17A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervis…
CVE-2024-55592Low3.62025-03-11An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 a…
CVE-2023-26204Low3.62023-06-13A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions…
CVE-2024-27780Low2.22025-02-11Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all…