CVE-2024-55592: 
FortiSIEM vulnerability analysis and mitigation

An incorrect authorization vulnerability (CVE-2024-55592) was discovered in FortiSIEM affecting multiple versions including 7.2, 7.1, 7.0, 6.7, 6.6, 6.5, 6.4, 6.3, 6.2, 6.1, 5.4, and 5.3. The vulnerability was disclosed on March 11, 2025, and is classified as CWE-863 (Incorrect Authorization). FortiSIEM is a Security Information and Event Management (SIEM) solution from Fortinet that provides real-time infrastructure and user awareness for threat detection, analysis, and reporting (CIS Advisory).

The vulnerability is classified as an incorrect authorization issue that could allow an authenticated attacker to perform unauthorized operations on incidents via crafted HTTP requests. The severity is rated as LOW with a CVSS v3.1 base score of 3.8 (Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N) (NVD, Fortinet PSIRT).

The vulnerability allows authenticated attackers to perform unauthorized operations on incidents in FortiSIEM. This could lead to improper access control and potential manipulation of incident data, affecting the integrity of security event management (Fortinet PSIRT).

Fortinet recommends migrating to FortiSIEM version 7.3, which is not affected by this vulnerability. All versions prior to 7.3 are vulnerable and should be upgraded (Fortinet PSIRT).