CVE-2024-52969

Name of the Vulnerable Software and Affected Versions FortiSIEM versions 7.1.7 and below FortiSIEM versions 7.0.3 and below FortiSIEM versions 6.7.9 and below FortiSIEM versions 6.6.5 and below FortiSIEM versions 6.5.3 and below FortiSIEM versions 6.4.4 and below

Description The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. This may allow an authenticated attacker to extract database information via crafted requests, specifically through the Update/Create Case feature.

Recommendations For FortiSIEM versions 7.1.7 and below, update to a version that contains a fix for this issue. For FortiSIEM versions 7.0.3 and below, update to a version that contains a fix for this issue. For FortiSIEM versions 6.7.9 and below, update to a version that contains a fix for this issue. For FortiSIEM versions 6.6.5 and below, update to a version that contains a fix for this issue. For FortiSIEM versions 6.5.3 and below, update to a version that contains a fix for this issue. For FortiSIEM versions 6.4.4 and below, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the Update/Create Case feature until a patch is available.