Filtered by vendor Fortinet Subscriptions
Filtered by product Fortisoar Subscriptions
Total 11 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-23443 1 Fortinet 1 Fortisoar 2024-10-25 7.5 High
An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.
CVE-2022-30298 1 Fortinet 1 Fortisoar 2024-10-25 7 High
An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.
CVE-2022-29061 1 Fortinet 1 Fortisoar 2024-10-25 7.2 High
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests.
CVE-2023-25605 1 Fortinet 1 Fortisoar 2024-10-23 7.5 High
A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.
CVE-2023-27995 1 Fortinet 1 Fortisoar 2024-10-23 7.2 High
A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload.
CVE-2022-29062 1 Fortinet 1 Fortisoar 2024-10-22 6.3 Medium
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests.
CVE-2022-35847 1 Fortinet 1 Fortisoar 2024-10-22 6.3 Medium
An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload.
CVE-2022-42473 1 Fortinet 1 Fortisoar 2024-10-22 5.3 Medium
A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password.
CVE-2022-38379 1 Fortinet 1 Fortisoar 2024-10-22 3.4 Low
Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR.
CVE-2024-45327 1 Fortinet 1 Fortisoar 2024-09-12 7.1 High
An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests.
CVE-2023-26211 1 Fortinet 1 Fortisoar 2024-08-22 6.4 Medium
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.