CVE-2024-27783

Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:fortinet:fortiaiops:2.0.0:*:*:*:*:*:*:*

History

16 Aug 2024, 14:46

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.6
v2 : unknown
v3 : 8.8
References () https://fortiguard.fortinet.com/psirt/FG-IR-24-070 - () https://fortiguard.fortinet.com/psirt/FG-IR-24-070 - Vendor Advisory
Summary
  • (es) Múltiples vulnerabilidades de Cross Site Request Forgery (CSRF) [CWE-352] en FortiAIOps versión 2.0.0 pueden permitir que un atacante remoto no autenticado realice acciones arbitrarias en nombre de un usuario autenticado engañando a la víctima para que ejecute solicitudes GET maliciosas.
First Time Fortinet fortiaiops
Fortinet
CPE cpe:2.3:a:fortinet:fortiaiops:2.0.0:*:*:*:*:*:*:*

09 Jul 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-09 16:15

Updated : 2024-08-16 14:46


NVD link : CVE-2024-27783

Mitre link : CVE-2024-27783

CVE.ORG link : CVE-2024-27783


JSON object : View

Products Affected

fortinet

  • fortiaiops
CWE
CWE-352

Cross-Site Request Forgery (CSRF)