Fortisoar@6.4.0 Security Vulnerabilities and Issues — Fortisoar@6.4.0 CVE List

Lucene search

FortinetFortisoar6.4.0

9 matches found

CVE•added 2022/05/04 4:15 p.m.•861 views

CVE-2022-23443

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.

7.5CVSS7.5AI score0.01756EPSS

CVE•added 2025/01/22 10:15 a.m.•65 views

CVE-2022-23439

A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through...

6.1CVSS4.9AI score0.00055EPSS

CVE•added 2022/11/02 12:15 p.m.•58 views

CVE-2022-42473

A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password.

5.5CVSS5.3AI score0.00062EPSS

CVE•added 2022/09/06 6:15 p.m.•57 views

CVE-2022-35847

An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload.

8.8CVSS8.7AI score0.01429EPSS

CVE•added 2024/08/13 4:15 p.m.•53 views

CVE-2023-26211

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.

9CVSS6.5AI score0.01053EPSS

CVE•added 2022/09/06 6:15 p.m.•46 views

CVE-2022-30298

An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.

7.8CVSS7.9AI score0.00046EPSS

CVE•added 2025/03/18 2:15 p.m.•42 views

CVE-2024-21760

An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code...

8.4CVSS7.7AI score0.00096EPSS

CVE•added 2025/01/14 2:15 p.m.•38 views

CVE-2024-36510

An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid use...

5.3CVSS5.3AI score0.00095EPSS

CVE•added 2025/08/12 7:15 p.m.•8 views

CVE-2025-32932

An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated re...

6.5CVSS6AI score0.00049EPSS