cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-45323,https://securityvulnerability.io/vulnerability/CVE-2024-45323,Admin Access to Backend Logs of Other Organizations via REST API,"An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include information related to other organizations.",Fortinet,Fortiedr Manager,2.7,LOW,0.00044999999227002263,false,false,false,false,,false,false,2024-09-10T14:37:42.131Z,0
CVE-2023-44248,https://securityvulnerability.io/vulnerability/CVE-2023-44248,Improper Access Control in Fortinet EDR Collector for Windows,"An improper access control vulnerability in FortiEDR Collector for Windows could allow a local attacker to alter specific registry keys related to the collector service. This manipulation can result in the prevention of the service from starting upon the next system reboot, potentially compromising system integrity and operational continuity.",Fortinet,Fortiedr,4,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-11-14T18:15:00.000Z,0
CVE-2023-33303,https://securityvulnerability.io/vulnerability/CVE-2023-33303,Insufficient Session Expiration in Fortinet FortiEDR Products,"An insufficient session expiration vulnerability exists in Fortinet's FortiEDR versions 5.0.0 through 5.0.1. This weakness allows attackers to exploit the system by executing unauthorized code or commands through crafted API requests. Organizations using these affected versions should take immediate action to mitigate the risk, ensuring that proper session management practices are implemented to safeguard against potential exploits.",Fortinet,Fortiedr,7.7,HIGH,0.001509999972768128,false,false,false,false,,false,false,2023-10-13T15:15:00.000Z,0
CVE-2022-39949,https://securityvulnerability.io/vulnerability/CVE-2022-39949,,"An improper control of a resource through its lifetime vulnerability [CWE-664] in FortiEDR CollectorWindows 4.0.0 through 4.1, 5.0.0 through 5.0.3.751, 5.1.0 may allow a privileged user to terminate the FortiEDR processes with special tools and bypass the EDR protection.",Fortinet,Fortinet Fortiedr,4.4,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-11-02T00:00:00.000Z,0
CVE-2022-29057,https://securityvulnerability.io/vulnerability/CVE-2022-29057,,"A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints.",Fortinet,Fortinet Fortiedr,5.4,MEDIUM,0.0006600000197067857,false,false,false,false,,false,false,2022-07-19T14:15:00.000Z,0
CVE-2022-23440,https://securityvulnerability.io/vulnerability/CVE-2022-23440,,"A use of hard-coded cryptographic key vulnerability [CWE-321] in the registration mechanism of FortiEDR collectors versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow a local attacker to disable and uninstall the collectors from the end-points within the same deployment.",Fortinet,Fortinet Fortiedr,7.8,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2022-04-06T09:30:14.000Z,0
CVE-2022-23441,https://securityvulnerability.io/vulnerability/CVE-2022-23441,,"A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors.",Fortinet,Fortinet Fortiedr,9.1,CRITICAL,0.002199999988079071,false,false,false,false,,false,false,2022-04-06T09:10:10.000Z,0
CVE-2022-23446,https://securityvulnerability.io/vulnerability/CVE-2022-23446,,A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission.,Fortinet,Fortinet Fortiedr,4.4,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-04-06T09:00:17.000Z,0