CVE-2022-42478
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/06/2023
Last modified:
07/11/2023
Description
An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:* | 5.1.0 (including) | 5.1.3 (including) |
| cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:* | 5.3.0 (including) | 5.3.3 (including) |
| cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*:* | 6.3.0 (including) | 6.3.3 (including) |
| cpe:2.3:a:fortinet:fortisiem:5.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:5.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:5.2.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:5.2.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:5.2.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:5.2.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:5.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:6.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:6.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:6.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:6.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:fortinet:fortisiem:6.2.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page