CVE-2019-17653

Name of the Vulnerable Software and Affected Versions FortiSIEM version 5.2.5

Description A Cross-Site Request Forgery (CSRF) issue in the user interface could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link. The vulnerability is related to insufficient validation of requests, which may enable a remote attacker to carry out a CSRF attack.

Recommendations For FortiSIEM version 5.2.5, as a temporary workaround, consider implementing additional validation for requests to prevent CSRF attacks until a patch is available. Restrict access to the user interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.