Lucene search

FortinetCVELIST:CVE-2022-26119

HistoryNov 02, 2022 - 12:00 a.m.

CVE-2022-26119

2022-11-0200:00:00

fortinet

www.cve.org

vulnerability

fortinet

fortisiem

authentication

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

AI Score

7.7

Confidence

High

EPSS

Percentile

5.1%

JSON

A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password.

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "Fortinet FortiSIEM",
    "versions": [
      {
        "version": "FortiSIEM 6.4.0, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 5.4.0, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.2, 5.2.1, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.1, 5.0.0",
        "status": "affected"
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-22-064

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

AI Score

7.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2022-26119