CVE-2024-55592: An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all...

Description

An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions, may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests.

Classification

CVE ID: CVE-2024-55592

CVSS Base Severity: LOW

CVSS Base Score: 3.6

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:X/RC:C

Problem Types

Improper access control

Affected Products

Vendor: Fortinet

Product: FortiSIEM

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 2.42% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-09 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-55592
https://fortiguard.fortinet.com/psirt/FG-IR-24-377
