Fortisoar Security Vulnerabilities and Issues — Fortisoar CVE List

Lucene search

FortinetFortisoar

4 matches found

CVE•added 2024/08/13 4:15 p.m.•52 views

CVE-2023-26211

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.

9CVSS6.5AI score0.00254EPSS

CVE•added 2024/09/11 10:15 a.m.•48 views

CVE-2024-45327

An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTT...

7.5CVSS6.9AI score0.00091EPSS

CVE•added 2024/06/11 3:15 p.m.•40 views

CVE-2023-23775

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR 7.2.0 and before 7.0.3 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.

8.8CVSS7.6AI score0.0006EPSS

CVE•added 2024/06/03 8:15 a.m.•33 views

CVE-2024-31493

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.

6.5CVSS6.5AI score0.00448EPSS