CVE-2024-52969

Summary

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSIEM7.1.0 <= 7.1.7affected
FortinetFortiSIEM7.0.0 <= 7.0.3affected
FortinetFortiSIEM6.7.0 <= 6.7.9affected
FortinetFortiSIEM6.6.0 <= 6.6.5affected
FortinetFortiSIEM6.5.0 <= 6.5.3affected
FortinetFortiSIEM6.4.0 <= 6.4.4affected

Weaknesses

  • CWE-89: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References