Lucene search
HistoryNov 02, 2022 - 12:15 p.m.
CVE-2022-42473
fortisoar
unauthorized access
sensitive information
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0
Percentile
12.6%
A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password.
Affected configurations
Node
fortinetfortisoarRange6.4.0–6.4.4
ORfortinetfortisoarRange7.0.0–7.0.3
ORfortinetfortisoarMatch7.2.0
References
Related
fortinet
fortinet
FortiSOAR - PostgreSQL DB access to local users
2022-11-01 00:00:00
cve
cve
CVE-2022-42473
2022-11-02 12:15:55
cnvd
cnvd
Fortinet FortiSOAR Access Control Error Vulnerability (CNVD-2023-02490)
2022-11-05 00:00:00
prion
prion
Authentication flaw
2022-11-02 12:15:00
cvelist
cvelist
CVE-2022-42473
2022-11-02 00:00:00
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0
Percentile
12.6%
Related for NVD:CVE-2022-42473