CVE-2024-55592

Severity: 3.8 LOW
EPSS: 0.0% (top 88.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 11

Description

An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Exploitability: 1.2 | Impact: 2.5

Affected Packages (2 packages)

CVEListV5: fortinet/fortisiem 7.2.0 7.2.5 +11
NVD: fortinet/fortisiem 5.3.0 7.2.5

Vulnerability Details (2)

GHSA
GHSA-w4pp-rhhp-qj56: An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7 (2025-03-11)
CVEList
CVE-2024-55592: An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7 (2025-03-11)

Vendor Advisories (1)

Fortinet
An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6... (2025-03-11)