Incorrect Authorization Vulnerability in FortiSIEM by Fortinet
CVE-2024-55592

3.6LOW

Key Information:

Vendor: Fortinet
Status: Fortisiem
Vendor: CVE Published:; 11 March 2025

Summary

An incorrect authorization vulnerability in FortiSIEM allows authenticated attackers to execute unauthorized actions on incidents. This can be achieved through specially crafted HTTP requests, which may create significant security risks for organizations using the affected versions. Proper access control measures should be implemented to mitigate this vulnerability.

Affected Version(s)

FortiSIEM 7.2.0 <= 7.2.5

FortiSIEM 7.1.0 <= 7.1.7

FortiSIEM 7.0.0 <= 7.0.3

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-377

CVSS V3.1

Score:

3.6

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Dec 9, 2024