FortiSIEM is vulnerable to a CSRF attack
A Cross-Site Request Forgery (CSRF) vulnerability in the user interface of FortiSIEM could allow a remote, unauthenticated attacker to perform arbitrary actions using an authenticated user's session by persuading the victim to follow a malicious link.
Execute Unauthorized Code or Commands
FortiSIEM version 5.2.5 and below
Please upgrade to FortiSIEM version 5.2.6 or above.
Fortinet is pleased to thank the researcher Ganoush for bringing this issue to our attention under responsible disclosure.