Fortinet FortiSOAR

17 matches found

added 2022/05/04 4:15 p.m. | 860 views

CVE-2022-23443

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.

CVSS 7.5 | AI score 7.5 | EPSS 0.01756

added 2025/01/22 10:15 a.m. | 64 views

CVE-2022-23439

An externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through...

CVSS 6.1 | AI score 4.9 | EPSS 0.00062

added 2022/11/02 12:15 p.m. | 57 views

CVE-2022-42473

A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password.

CVSS 5.5 | AI score 5.3 | EPSS 0.00052

added 2022/09/06 6:15 p.m. | 56 views

CVE-2022-35847

An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload.

CVSS 8.8 | AI score 8.7 | EPSS 0.00279

added 2022/09/06 6:15 p.m. | 53 views

CVE-2022-29062

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allow an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests.

CVSS 6.5 | AI score 6.5 | EPSS 0.00188

added 2024/08/13 4:15 p.m. | 52 views

CVE-2023-26211

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.

CVSS 9 | AI score 6.5 | EPSS 0.00254

added 2022/12/06 5:15 p.m. | 49 views

CVE-2022-38379

Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR.

CVSS 5.4 | AI score 5.3 | EPSS 0.00386

added 2024/09/11 10:15 a.m. | 48 views

CVE-2024-45327

An improper authorization vulnerability [CWE-285] in the change password endpoint of FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 may allow an authenticated attacker to perform a brute force attack on users' and administrators' passwords via crafted HTT...

CVSS 7.5 | AI score 6.9 | EPSS 0.00091

added 2025/01/14 2:15 p.m. | 47 views

CVE-2024-47572

An improper neutralization of formula elements in a CSV file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows an attacker to execute unauthorized code or commands by manipulating a CSV file.

CVSS 9 | AI score 9.3 | EPSS 0.00066

added 2022/09/06 6:15 p.m. | 45 views

CVE-2022-30298

An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.

CVSS 7.8 | AI score 7.9 | EPSS 0.0009

added 2022/09/09 7:15 a.m. | 43 views

CVE-2022-29061

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests.

CVSS 7.2 | AI score 7.2 | EPSS 0.00712

added 2025/01/14 2:15 p.m. | 41 views

CVE-2024-48893

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross-site scripting (XSS) attack via the creation of a malicious playbook.

CVSS 6.8 | AI score 6.2 | EPSS 0.00034

added 2024/06/11 3:15 p.m. | 40 views

CVE-2023-23775

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR 7.2.0 and before 7.0.3 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted string parameters.

CVSS 8.8 | AI score 7.6 | EPSS 0.0006

added 2023/03/07 5:15 p.m. | 40 views

CVE-2023-25605

An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.

CVSS 7.5 | AI score 6.8 | EPSS 0.00155

added 2025/01/14 2:15 p.m. | 37 views

CVE-2024-36510

An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid use...

CVSS 5.3 | AI score 5.3 | EPSS 0.00073

added 2024/06/03 8:15 a.m. | 33 views

CVE-2024-31493

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.

CVSS 6.5 | AI score 6.5 | EPSS 0.00343

added 2023/04/11 5:15 p.m. | 30 views

CVE-2023-27995

An improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload.

CVSS 8.8 | AI score 8.8 | EPSS 0.01757