Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25605 | 1 Fortinet | 1 Fortisoar | 2023-03-14 | N/A | 7.2 HIGH |
| A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. | |||||
| CVE-2022-38379 | 1 Fortinet | 1 Fortisoar | 2022-12-07 | N/A | 5.4 MEDIUM |
| Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR. | |||||
| CVE-2022-42473 | 1 Fortinet | 1 Fortisoar | 2022-11-03 | N/A | 5.5 MEDIUM |
| A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password. | |||||
| CVE-2022-29061 | 1 Fortinet | 1 Fortisoar | 2022-09-13 | N/A | 7.2 HIGH |
| An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests. | |||||
| CVE-2022-29062 | 1 Fortinet | 1 Fortisoar | 2022-09-08 | N/A | 6.5 MEDIUM |
| Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests. | |||||
| CVE-2022-30298 | 1 Fortinet | 1 Fortisoar | 2022-09-08 | N/A | 7.8 HIGH |
| An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root. | |||||
| CVE-2022-35847 | 1 Fortinet | 1 Fortisoar | 2022-09-08 | N/A | 8.8 HIGH |
| An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload. | |||||
| CVE-2022-23443 | 1 Fortinet | 1 Fortisoar | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. | |||||