PSIRTIncorrect authorization in incident page
Summary
An incorrect authorization vulnerability [CWE-863] in FortiSIEM may allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests.
| Version | Affected | Solution |
|---|---|---|
| FortiSIEM 7.3 | Not affected | Not Applicable |
| FortiSIEM 7.2 | 7.2 all versions | Migrate to a fixed release |
| FortiSIEM 7.1 | 7.1 all versions | Migrate to a fixed release |
| FortiSIEM 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiSIEM 6.7 | 6.7 all versions | Migrate to a fixed release |
| FortiSIEM 6.6 | 6.6 all versions | Migrate to a fixed release |
| FortiSIEM 6.5 | 6.5 all versions | Migrate to a fixed release |
| FortiSIEM 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiSIEM 6.3 | 6.3 all versions | Migrate to a fixed release |
| FortiSIEM 6.2 | 6.2 all versions | Migrate to a fixed release |
| FortiSIEM 6.1 | 6.1 all versions | Migrate to a fixed release |
| FortiSIEM 5.4 | 5.4 all versions | Migrate to a fixed release |
| FortiSIEM 5.3 | 5.3 all versions | Migrate to a fixed release |