PT-2025-10766 · Fortinet · Fortisiem

Published: 2025-03-11 · Updated: 2025-07-22 · CVE-2023-40723

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

Fortinet FortiSIEM versions 5.1.0 through 5.1.3
Fortinet FortiSIEM versions 5.2.1 through 5.2.2
Fortinet FortiSIEM versions 5.2.5 through 5.2.8
Fortinet FortiSIEM versions 5.3.0 through 5.3.3
Fortinet FortiSIEM version 5.4.0
Fortinet FortiSIEM versions 6.1.0 through 6.1.2
Fortinet FortiSIEM versions 6.2.0 through 6.2.1
Fortinet FortiSIEM versions 6.3.0 through 6.3.3
Fortinet FortiSIEM versions 6.4.0 through 6.4.2
Fortinet FortiSIEM versions 6.5.0 through 6.5.1
Fortinet FortiSIEM versions 6.6.0 through 6.6.3
Fortinet FortiSIEM versions 6.7.0 through 6.7.4

Description: The issue allows an unauthorized actor to expose sensitive information and execute unauthorized code or commands via an API request.
Recommendations: For each affected Fortinet FortiSIEM release (versions 5.1.0 through 5.1.3, 5.2.1 through 5.2.2, 5.2.5 through 5.2.8, 5.3.0 through 5.3.3, 5.4.0, 6.1.0 through 6.1.2, 6.2.0 through 6.2.1, 6.3.0 through 6.3.3, 6.4.0 through 6.4.2, 6.5.0 through 6.5.1, 6.6.0 through 6.6.3, and 6.7.0 through 6.7.4), update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2025-03790
CVE-2023-40723

Affected Products

Fortisiem