Vulnerabilities (CVE)

Filtered by vendor Fortinet Subscribe
Filtered by product Fortiaiops
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-27785 1 Fortinet 1 Fortiaiops 2024-11-21 N/A 5.4 MEDIUM
An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps version 2.0.0 may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV reports.
CVE-2024-27784 1 Fortinet 1 Fortiaiops 2024-11-21 N/A 8.8 HIGH
Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in FortiAIOps version 2.0.0 may allow an authenticated, remote attacker to retrieve sensitive information from the API endpoint or log files.
CVE-2024-27783 1 Fortinet 1 Fortiaiops 2024-11-21 N/A 7.6 HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests.
CVE-2024-27782 1 Fortinet 1 Fortiaiops 2024-11-21 N/A 8.1 HIGH
Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests.