CVE-2024-27783

Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests.
Configurations

Configuration 1 (hide)

cpe:2.3:a:fortinet:fortiaiops:2.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 09:05

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 7.6
References () https://fortiguard.fortinet.com/psirt/FG-IR-24-070 - Vendor Advisory () https://fortiguard.fortinet.com/psirt/FG-IR-24-070 - Vendor Advisory

16 Aug 2024, 14:46

Type Values Removed Values Added
Summary
  • (es) Múltiples vulnerabilidades de Cross Site Request Forgery (CSRF) [CWE-352] en FortiAIOps versión 2.0.0 pueden permitir que un atacante remoto no autenticado realice acciones arbitrarias en nombre de un usuario autenticado engañando a la víctima para que ejecute solicitudes GET maliciosas.
CVSS v2 : unknown
v3 : 7.6
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:fortinet:fortiaiops:2.0.0:*:*:*:*:*:*:*
First Time Fortinet fortiaiops
Fortinet
References () https://fortiguard.fortinet.com/psirt/FG-IR-24-070 - () https://fortiguard.fortinet.com/psirt/FG-IR-24-070 - Vendor Advisory

09 Jul 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-09 16:15

Updated : 2024-11-21 09:05


NVD link : CVE-2024-27783

Mitre link : CVE-2024-27783

CVE.ORG link : CVE-2024-27783


JSON object : View

Products Affected

fortinet

  • fortiaiops
CWE
CWE-352

Cross-Site Request Forgery (CSRF)