CVE-2024-27783

8.8HIGH

Key Information

Vendor: Fortinet
Status: Fortiaiops
Vendor: CVE Published:; 9 July 2024

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user via tricking the victim to execute malicious GET requests.

Affected Version(s)

FortiAIOps = 2.0.0

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: null to: 7.2 - (HIGH)
Jul 10, 2024
Vulnerability published.
Jul 9, 2024

Collectors

NVD DatabaseMitre Database