Fortinet FortiAIOps vulnerabilities

4 known vulnerabilities affecting fortinet/fortiaiops.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2024-27782 | CRITICAL | CVSS 9.8 | v2.0.0 | 2024-07-09
CVE-2024-27782 [HIGH] CWE-613: Multiple insufficient session expiration weaknesses [CWE-613] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests.
cvelistv5, nvd
CVE-2024-27783 | HIGH | CVSS 8.8 | v2.0.0 | 2024-07-09
CVE-2024-27783 [HIGH] CWE-352: Multiple cross-site request forgery (CSRF) weaknesses [CWE-352] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests.
cvelistv5, nvd
CVE-2024-27784 | MEDIUM | CVSS 6.5 | v2.0.0 | 2024-07-09
CVE-2024-27784 [HIGH] CWE-532: Multiple Exposure of sensitive information to an unauthorized actor weaknesses [CWE-200] vulnerability in Fortinet FortiAIOps 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files.
cvelistv5, nvd
CVE-2024-27785 | MEDIUM | CVSS 6.5 | v2.0.0 | 2024-07-09
CVE-2024-27785 [MEDIUM] CWE-1236: An improper neutralization of formula elements in a CSV File [CWE-1236] vulnerability in Fortinet FortiAIOps 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports.
cvelistv5, nvd