Fortinet FortiSIEM vulnerabilities

4 known vulnerabilities affecting fortinet/fortinet_fortisiem.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2022-26119 | HIGH | CVSS 7.8 | FortiSIEM 6.4.0, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 5.4.0, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0 | 2022-11-02
CWE-798: An improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password.
cvelistv5 | nvd

CVE-2019-17653 | HIGH | CVSS 8.8 | v5.2.5 | 2020-03-12
CWE-352: A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link.
cvelistv5 | nvd

CVE-2019-17651 | MEDIUM | CVSS 5.4 | FortiSIEM version 5.2.5 and below | 2020-01-28
CWE-79: An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedu
cvelistv5 | nvd

CVE-2019-16153 | CRITICAL | CVSS 9.8 | FortiSIEM 5.2.5 and below | 2020-01-23
CWE-798: A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials.
cvelistv5 | nvd