CVE-2024-52969

CWE-89 SQL Injection | 4 documents | 4 sources
Severity
6.5 MEDIUM
EPSS
0.2%
top 54.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jan 14

Description

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM version 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Exploitability: 2.3 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | fortinet/fortisiem | 7.1.0 | 7.1.7 | +5
NVD | fortinet/fortisiem | 6.4.0 | 7.1.7

🔴 Vulnerability Details (2)

GHSA
GHSA-jc45-7g3m-f786: An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM version 7 | 2025-01-14
CVEList
CVE-2024-52969: An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM version 7 | 2025-01-14

📋 Vendor Advisories (1)

Fortinet
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiS... | 2025-01-14