CVE-2024-52969: An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below,...

3.7 CVSS

Description

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests.

Classification

CVE ID: CVE-2024-52969

CVSS Base Severity: LOW

CVSS Base Score: 3.7

Affected Products

Vendor: Fortinet

Product: FortiSIEM

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 20.59% (scored less or equal to compared to others)

EPSS Date: 2025-02-12 (when was this score calculated)

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-417

Timeline

2025-01-15 00:30:29 UTC
CVE

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below,...