Vulmon
Fortinet FortiSOAR vulnerabilities and exploits
NA
CVE-2023-27995
An improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 up to and including 7.3.1 allows an authenticated, remote malicious user to execute arbitrary code via a crafted payload.
Fortinet Fortisoar
NA
CVE-2023-25605
An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.
Fortinet Fortisoar
NA
CVE-2022-38379
Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 up to and including 7.0.3 and 7.2.0 may allow an authenticated malicious user to inject HTML tags via input fields of various components within FortiSOAR.
Fortinet Fortisoar 7.2.0
Fortinet Fortisoar
NA
CVE-2022-42473
A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows a malicious user to disclose information via logging into the database using a privileged account without a password.
Fortinet Fortisoar
Fortinet Fortisoar 7.2.0
NA
CVE-2022-29061
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR prior to 7.2.1 allows an authenticated malicious user to execute unauthorized code or commands via crafted HTTP GET requests.
Fortinet Fortisoar 7.2.0
Fortinet Fortisoar
NA
CVE-2022-29062
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR prior to 7.2.1 allow an authenticated malicious user to write to the underlying filesystem with nginx permissions via crafted HTTP requests.
Fortinet Fortisoar 7.2.0
Fortinet Fortisoar
NA
CVE-2022-30298
An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR prior to 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.
Fortinet Fortisoar
Fortinet Fortisoar 7.2.0
NA
CVE-2022-35847
An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 up to and including 7.0.3, 6.4.0 up to and including 6.4.4 may allow a remote and authenticated malicious user to execute arbitrary cod...
Fortinet Fortisoar
Fortinet Fortisoar 7.2.0
5
CVSSv2
CVE-2022-23443
An improper access control in Fortinet FortiSOAR prior to 7.2.0 allows unauthenticated malicious users to access gateway API data via crafted HTTP GET requests.
Fortinet Fortisoar 6.0.0
Fortinet Fortisoar