CVE-2024-52969
published 2025-01-14CVE-2024-52969: An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortisiem | — | — |
| fortinet | fortisiem | 6.4.0 – 7.1.7 | — |
| fortinet | fortisiem | 6.5.0 – 6.5.3 | — |
| fortinet | fortisiem | 6.6.0 – 6.6.5 | — |
| fortinet | fortisiem | 6.7.0 – 6.7.9 | — |
| fortinet | fortisiem | 7.0.0 – 7.0.3 | — |
| fortinet | fortisiem | 7.1.0 – 7.1.7 | — |