CVE-2019-17653

CWE-352Cross-Site Request Forgery (CSRF)4 documents4 sources
Severity
8.8HIGH
EPSS
0.3%
top 49.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet Fortinet FortisiemFortinet Fortisiem
Timeline
PublishedMar 12
Latest updateMay 24

Description

A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-w9qw-g4mv-ph46: A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 52022-05-24
CVEList
CVE-2019-17653: A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 52020-03-12

📋Vendor Advisories

1
Fortinet
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote...2020-03-12
CVE-2019-17653 (HIGH CVSS 8.8) | A Cross-Site Request Forgery (CSRF) | cvebase.io