Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

FortiSOAR Security Vulnerabilities

cve
cve

CVE-2023-27995

A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted...

8.8CVSS

8.8AI Score

0.002EPSS

2023-04-11 05:15 PM
14
cve
cve

CVE-2023-25605

A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP...

7.2CVSS

6.8AI Score

0.001EPSS

2023-03-07 05:15 PM
17
cve
cve

CVE-2022-38379

Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within...

5.4CVSS

5.3AI Score

0.001EPSS

2022-12-06 05:15 PM
25
cve
cve

CVE-2022-42473

A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a...

5.5CVSS

5.3AI Score

0.0004EPSS

2022-11-02 12:15 PM
23
cve
cve

CVE-2022-29061

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET...

7.2CVSS

7.2AI Score

0.001EPSS

2022-09-09 07:15 AM
20
6
cve
cve

CVE-2022-35847

An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted...

8.8CVSS

8.7AI Score

0.001EPSS

2022-09-06 06:15 PM
30
9
cve
cve

CVE-2022-29062

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP...

6.5CVSS

6.4AI Score

0.001EPSS

2022-09-06 06:15 PM
34
7
cve
cve

CVE-2022-30298

An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as...

7.8CVSS

7.9AI Score

0.0004EPSS

2022-09-06 06:15 PM
20
10
cve
cve

CVE-2022-23443

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET...

7.5CVSS

7.5AI Score

0.003EPSS

2022-05-04 04:15 PM
844
2