Skip to main content

Fortisiem CVE-2022-26119

HIGH
Use of Hard-coded Credentials (CWE-798)
2022-11-02 psirt@fortinet.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 02, 2022 - 12:15 nvd
HIGH 7.8

DescriptionNVD

A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password.

AnalysisAI

A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798), which allows attackers to gain access using credentials embedded in source code. A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to perform operations on the Glassfish server directly via a hardcoded password. Affected products include: Fortinet Fortisiem. Version information: before 6.5.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Remove hard-coded credentials, use environment variables or secrets management, rotate exposed credentials immediately.

CVE-2025-25256 CRITICAL POC
9.8 Aug 12

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in

CVE-2025-64155 CRITICAL POC
9.8 Jan 13

Fortinet FortiSIEM (6.7.0 through 7.4.0) has OS command injection via crafted TCP requests. As a SIEM, compromise gives

CVE-2024-23108 CRITICAL POC
9.8 Feb 05

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet

CVE-2023-40714 CRITICAL
9.9 Apr 02

A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 a

CVE-2024-23109 CRITICAL
9.8 Feb 05

An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet

CVE-2023-36553 CRITICAL
9.8 Nov 14

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM versi

CVE-2023-34992 CRITICAL
9.8 Oct 10

A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet a

CVE-2023-26204 CRITICAL
9.8 Jun 13

A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versi

CVE-2021-41022 HIGH
7.8 Nov 02

A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute p

CVE-2023-41676 MEDIUM
6.5 Nov 14

An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may

CVE-2021-41023 MEDIUM
5.5 Nov 02

A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated

CVE-2023-36551 MEDIUM
5.3 Sep 13

A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows at

Share

CVE-2022-26119 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy