CVE-2024-52969: 
FortiSIEM vulnerability analysis and mitigation

An SQL Injection vulnerability (CVE-2024-52969) was discovered in FortiSIEM's Update/Create Case feature. The vulnerability affects multiple versions of FortiSIEM including versions 7.1.7 and below, 7.1.0, 7.0.3 and below, 6.7.9 and below, 6.7.8, 6.6.5 and below, 6.5.3 and below, and 6.4.4 and below. This security flaw was disclosed on January 14, 2025 (Fortinet Advisory, NVD).

The vulnerability is classified as an Improper Neutralization of Special Elements used in an SQL Command (CWE-89). It has been assigned a CVSS v3.1 base score of 6.5 (Medium) by NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, while Fortinet rated it with a lower CVSS score of 4.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N (NVD).

The vulnerability allows an authenticated attacker to extract database information through crafted requests to the Update/Create Case feature. The primary impact is related to information disclosure, with high potential for confidentiality breach (Fortinet Advisory).

Fortinet recommends migrating to a fixed release for affected versions. The vulnerability has been addressed in versions after 7.1.7. Systems running FortiSIEM versions 7.3, 7.2, 6.3, 6.2, 6.1, and 5.4 are not affected by this vulnerability (Fortinet Advisory).