cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-45323,https://securityvulnerability.io/vulnerability/CVE-2024-45323,Admin Access to Backend Logs of Other Organizations via REST API,"An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions in his profile and restricted to a specific organization to access backend logs that include information related to other organizations.",Fortinet,Fortiedr Manager,2.7,LOW,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-09-10T14:37:42.131Z,0
CVE-2023-44248,https://securityvulnerability.io/vulnerability/CVE-2023-44248,Improper Access Control in Fortinet EDR Collector for Windows,"An improper access control vulnerability in FortiEDR Collector for Windows could allow a local attacker to alter specific registry keys related to the collector service. This manipulation can result in the prevention of the service from starting upon the next system reboot, potentially compromising system integrity and operational continuity.",Fortinet,Fortiedr,4,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-11-14T18:15:00.000Z,0
CVE-2023-33303,https://securityvulnerability.io/vulnerability/CVE-2023-33303,Insufficient Session Expiration in Fortinet FortiEDR Products,"An insufficient session expiration vulnerability exists in Fortinet's FortiEDR versions 5.0.0 through 5.0.1. This weakness allows attackers to exploit the system by executing unauthorized code or commands through crafted API requests. Organizations using these affected versions should take immediate action to mitigate the risk, ensuring that proper session management practices are implemented to safeguard against potential exploits.",Fortinet,Fortiedr,7.7,HIGH,0.001509999972768128,false,,false,false,false,,,false,false,,2023-10-13T15:15:00.000Z,0
CVE-2022-39949,https://securityvulnerability.io/vulnerability/CVE-2022-39949,Improper Resource Control Vulnerability in FortiEDR Collector,"An improper control of a resource through its lifetime in FortiEDR Collector versions may allow a privileged user to exploit this vulnerability. By using specialized tools, the user could terminate FortiEDR processes, effectively circumventing the intended EDR protection mechanisms. This vulnerability poses a significant risk as it enables a malicious actor with sufficient access to undermine security measures put in place to monitor and protect the endpoint.",Fortinet,Fortinet Fortiedr,4.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-29057,https://securityvulnerability.io/vulnerability/CVE-2022-29057,Cross-Site Scripting Vulnerability in Fortinet FortiEDR,"The vulnerability involves improper handling of user input during the web page generation process in Fortinet's FortiEDR. This flaw creates an opportunity for a remote, authenticated attacker to execute a reflected cross-site scripting attack. By injecting malicious payloads into various endpoints of the Management Console, the attacker can manipulate user sessions, redirect users to harmful sites, or steal sensitive data. This issue affects specific versions of FortiEDR, highlighting the importance of timely patching and security measures.",Fortinet,Fortinet Fortiedr,5.4,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2022-07-19T14:15:00.000Z,0
CVE-2022-23440,https://securityvulnerability.io/vulnerability/CVE-2022-23440,Use of Hard-Coded Cryptographic Key in Fortinet FortiEDR Collectors,"A vulnerability exists in the registration mechanism of FortiEDR collectors that employs hard-coded cryptographic keys. This flaw may enable a local attacker to bypass security measures, potentially allowing them to disable and uninstall the collectors from the endpoints in the same deployment. Proper security protocols and configurations are paramount to mitigate the risks associated with this vulnerability.",Fortinet,Fortinet Fortiedr,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-04-06T09:30:14.000Z,0
CVE-2022-23441,https://securityvulnerability.io/vulnerability/CVE-2022-23441,Hard-Coded Cryptographic Key Vulnerability in Fortinet's FortiEDR,"A vulnerability exists in Fortinet's FortiEDR where hard-coded cryptographic keys can be exploited. This issue allows an unauthenticated attacker within the network to impersonate and forge messages from other collectors. Such a security flaw can lead to significant risks in data integrity and trustworthiness, enabling an unauthorized party to manipulate interactions between network components.",Fortinet,Fortinet Fortiedr,9.1,CRITICAL,0.002199999988079071,false,,false,false,false,,,false,false,,2022-04-06T09:10:10.000Z,0
CVE-2022-23446,https://securityvulnerability.io/vulnerability/CVE-2022-23446,Resource Management Vulnerability in Fortinet FortiEDR,"An improper control of a resource through its lifetime has been identified in Fortinet FortiEDR version 5.0.3 and earlier. This vulnerability allows attackers to manipulate the application's root directory access permissions, leading to potential downtime and making the entire application unresponsive. Organizations utilizing affected versions are advised to review their security posture and apply necessary updates.",Fortinet,Fortinet Fortiedr,4.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-04-06T09:00:17.000Z,0