Every CVE whose affected-product data names Fortinet Fortisiem, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (29)
CVE-2024-23109 — CVSS 10.0 (critical): An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to…
CVE-2023-34992 — CVSS 10.0 (critical): A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to…
CVE-2024-23108 — CVSS 10.0 (critical): An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet allows attacker to…
CVE-2023-40714 — CVSS 9.9 (critical): A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to…
CVE-2025-25256 — CVSS 9.8 (critical): An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM…
CVE-2025-64155 — CVSS 9.8 (critical): An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0…
CVE-2019-16153 — CVSS 9.8 (critical): A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the…
CVE-2023-36553 — CVSS 9.8 (critical): A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 5.4.0 and 5.3.0…
CVE-2019-17653 — CVSS 8.8 (high): A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of Fortinet FortiSIEM 5.2.5 could allow a remote, unauthenticated…
CVE-2022-42478 — CVSS 8.1 (high): An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access…
CVE-2023-40723 — CVSS 8.1 (high): An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.4 and 6.6.0 through 6.6.3 and…
CVE-2022-26119 — CVSS 7.8 (high): A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on…
CVE-2021-41022 — CVSS 7.8 (high): A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or…
CVE-2024-46667 — CVSS 7.5 (high): A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all…
CVE-2018-13378 — CVSS 7.2 (high): An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the…
CVE-2019-6700 — CVSS 6.5 (medium): An information exposure vulnerability in the external authentication profile form of FortiSIEM 5.2.2 and earlier may allow an authenticated…
CVE-2025-58324 — CVSS 6.4 (medium): An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions…
CVE-2022-43949 — CVSS 6.2 (medium): A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to…
CVE-2021-41023 — CVSS 5.5 (medium): A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure…
CVE-2019-17651 — CVSS 5.4 (medium): An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM…
CVE-2026-25972 — CVSS 4.3 (medium): An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0…
CVE-2023-41676 — CVSS 4.3 (medium): An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker…
CVE-2023-36551 — CVSS 4.3 (medium): A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to…
CVE-2024-52969 — CVSS 4.1 (medium): An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7…
CVE-2024-55592 — CVSS 3.8 (low): An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6…
CVE-2019-17659 — CVSS 3.7 (low): A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH…
CVE-2023-26204 — CVSS 3.7 (low): A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all…
CVE-2023-45585 — CVSS 2.3 (low): An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version…
CVE-2024-27780 — CVSS 2.2 (low): Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all…