FortiAIOps - Cross-site request forgery

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps may allow an unauthenticated remote attacker to perform arbitrary actions on behalf of an authenticated user by tricking the victim into executing malicious GET requests.
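The weakness class named above, illustrated with hypothetical handlers (added here; not FortiAIOps code): a state-changing action reachable via GET and authenticated by the session cookie alone fires from any page the victim visits, while the hardened handler accepts only POST, checks the Origin header against a constructed placeholder origin, and compares a per-session synchronizer token in constant time.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class Request:
    method: str
    path: str
    query: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    session_cookie: str = ""   # the browser attaches this automatically

# Constructed session store and application origin (placeholders, not real values).
SESSIONS = {"sess-victim": {"user": "alice", "csrf": secrets.token_urlsafe(32)}}
APP_ORIGIN = "https://aiops.example.internal"

def vulnerable_delete_user(req: Request, audit: list) -> int:
    """Weak pattern: cookie-only authentication and a GET that changes state,
    so a cross-site GET carrying the victim's cookie is indistinguishable
    from a legitimate click."""
    sess = SESSIONS.get(req.session_cookie)
    if not sess:
        return 401
    audit.append(("deleted", req.query.get("user")))
    return 200

def hardened_delete_user(req: Request, audit: list) -> int:
    """Mitigated pattern: state change only on POST, Origin must be the app's
    own origin (browsers send Origin on cross-origin requests and on POST),
    and the submitted token must match the session's token."""
    sess = SESSIONS.get(req.session_cookie)
    if not sess:
        return 401
    if req.method != "POST":
        return 405
    if req.headers.get("Origin", "") != APP_ORIGIN:
        return 403
    if not secrets.compare_digest(req.form.get("csrf", ""), sess["csrf"]):
        return 403
    audit.append(("deleted", req.form.get("user")))
    return 200

def cross_site_get() -> Request:
    """Constructed request as a browser issues it for an image or link on a
    foreign page: session cookie present, no token, no matching Origin."""
    return Request("GET", "/api/user/delete", query={"user": "bob"},
                   headers={"Referer": "https://other.example/"},
                   session_cookie="sess-victim")

def legitimate_post() -> Request:
    """Constructed same-origin form submission carrying the session token."""
    return Request("POST", "/api/user/delete", headers={"Origin": APP_ORIGIN},
                   form={"user": "bob", "csrf": SESSIONS["sess-victim"]["csrf"]},
                   session_cookie="sess-victim")
```

Running both handlers against `cross_site_get()` shows the difference: the weak handler performs the deletion, the hardened one rejects the request before any state changes.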

Version         Affected       Solution
FortiAIOps 2.0  2.0.0          Upgrade to 2.0.1 or above
FortiAIOps 1.1  Not affected   Not Applicable
FortiAIOps 1.0  Not affected   Not Applicable

Acknowledgement

Internally discovered and reported by Shripal Rawal of Fortinet PSIRT team.

Timeline

2024-07-09: Initial publication