Fortisoar@7.0.0 Security Vulnerabilities and Issues — Fortisoar@7.0.0 CVE List

Lucene search

FortinetFortisoar7.0.0

10 matches found

CVE•added 2022/05/04 4:15 p.m.•861 views

CVE-2022-23443

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.

7.5CVSS7.5AI score0.01756EPSS

CVE•added 2022/11/02 12:15 p.m.•58 views

CVE-2022-42473

A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password.

5.5CVSS5.3AI score0.00062EPSS

CVE•added 2022/09/06 6:15 p.m.•57 views

CVE-2022-35847

An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload.

8.8CVSS8.7AI score0.01429EPSS

CVE•added 2022/09/06 6:15 p.m.•54 views

CVE-2022-29062

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests.

6.5CVSS6.5AI score0.00746EPSS

CVE•added 2022/12/06 5:15 p.m.•50 views

CVE-2022-38379

Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR.

5.4CVSS5.3AI score0.00482EPSS

CVE•added 2024/09/11 10:15 a.m.•49 views

CVE-2024-45327

An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTT...

7.5CVSS6.9AI score0.00091EPSS

CVE•added 2022/09/06 6:15 p.m.•46 views

CVE-2022-30298

An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.

7.8CVSS7.9AI score0.00046EPSS

CVE•added 2022/09/09 7:15 a.m.•45 views

CVE-2022-29061

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests.

7.2CVSS7.2AI score0.02948EPSS

CVE•added 2024/06/11 3:15 p.m.•41 views

CVE-2023-23775

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR 7.2.0 and before 7.0.3 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.

8.8CVSS7.6AI score0.0006EPSS

CVE•added 2024/06/03 8:15 a.m.•34 views

CVE-2024-31493

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.

6.5CVSS6.5AI score0.00343EPSS