all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

FortiSIEM - OS command injection in Report Server

Add to bookmarks
Nov. 14, 2023, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.
This vulnerability was internally discovered as a variant of FG-IR-23-130.

api attacker command command injection cwe fortisiem injection may report requests server special unauthenticated vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiMail - User can see and modify address book folders title of other users 3 weeks, 6 days ago | fortiguard.fortinet.com
address attacker authorization book +8
FortiClient (Windows) - DLL Hijacking via openssl.cnf 3 weeks, 6 days ago | fortiguard.fortinet.com
attack attacker cwe dll +14
FortiMail - Login mechanism without rate limitation 3 weeks, 6 days ago | fortiguard.fortinet.com
attack attacker authentication brute +10
FortiOS & FortiProxy - DOS in headers management 3 weeks, 6 days ago | fortiguard.fortinet.com
attack attacker cwe device +13
FortiADC & FortiDDoS-F - CORS: arbitrary origin trusted 3 weeks, 6 days ago | fortiguard.fortinet.com
actions api attacker cors +15
FortiClient (Windows) - Arbitrary file deletion from unprivileged users 3 weeks, 6 days ago | fortiguard.fortinet.com
attacker authorization cwe deletion +9
FortiClient for Windows - Hardcoded credentials in vcm2.exe 3 weeks, 6 days ago | fortiguard.fortinet.com
attacker bypass credentials cwe +8
FortiEDRCollector (Windows) - Protection may be disabled by local attacker 3 weeks, 6 days ago | fortiguard.fortinet.com
access access control attacker control +15
FortiManager & FortiAnalyzer - Use of hardcoded credentials in fmgsvrd 3 weeks, 6 days ago | fortiguard.fortinet.com
access attacker credentials cwe +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Specialist

@ Protect Democracy | Remote, US
View on infosec-jobs.com

Senior Information Security Expert (m/f/d) at Allianz SE Reinsurance Munich

@ Allianz | München, DE, 80802
View on infosec-jobs.com

Target security Specialist

@ Target | 1135 Woodstock Rd, Roswell,GA 30075-2231
View on infosec-jobs.com

Senior Information Security Engineer

@ Gainwell Technologies | Any city, TX, US, 99999
View on infosec-jobs.com

Legal Lead, Compliance and Data Privacy Officer- Turkey

@ Merck Group | Istanbul, Istanbul, TR, 34752
View on infosec-jobs.com

Head of Infrastructure and Information Security

@ Allianz | Bangkok, Bangkok, TH, 10310
View on infosec-jobs.com
View more jobs