Fortisoar Security Vulnerabilities and Issues — Fortisoar CVE List

Lucene search

FortinetFortisoar

4 matches found

CVE•added 2022/09/06 6:15 p.m.•56 views

CVE-2022-35847

An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload.

8.8CVSS8.7AI score0.00279EPSS

CVE•added 2025/03/18 2:15 p.m.•41 views

CVE-2024-21760

An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code...

8.4CVSS7.7AI score0.00096EPSS

CVE•added 2024/06/11 3:15 p.m.•40 views

CVE-2023-23775

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR 7.2.0 and before 7.0.3 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.

8.8CVSS7.6AI score0.0006EPSS

CVE•added 2023/04/11 5:15 p.m.•30 views

CVE-2023-27995

A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload.

8.8CVSS8.8AI score0.01757EPSS