PSIRT Advisory

FortiSIEM is vulnerable to a CSRF attack

Summary

A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of FortiSIEM could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link.

Impact

Execute Unauthorized Code or Commands

Affected Products

FortiSIEM version 5.2.5 and below

Solutions

Please upgrade to FortiSIEM version 5.2.6 or above.

Acknowledgement

Fortinet is pleased to thank the researcher Ganoush for bringing this issue to our attention under responsible disclosure.