CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-29061

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.0%

CVSS Severity

CVSS v3 Score 7.2

References

Products affected by CVE-2022-29061

Fortinet » Fortisoar » Version: 6.4.1

cpe:2.3:a:fortinet:fortisoar:6.4.1
Fortinet » Fortisoar » Version: 6.4.3

cpe:2.3:a:fortinet:fortisoar:6.4.3
Fortinet » Fortisoar » Version: 6.4.4

cpe:2.3:a:fortinet:fortisoar:6.4.4
Fortinet » Fortisoar » Version: 7.0.0

cpe:2.3:a:fortinet:fortisoar:7.0.0
Fortinet » Fortisoar » Version: 7.0.1

cpe:2.3:a:fortinet:fortisoar:7.0.1
Fortinet » Fortisoar » Version: 7.0.2

cpe:2.3:a:fortinet:fortisoar:7.0.2
Fortinet » Fortisoar » Version: 7.2.0

cpe:2.3:a:fortinet:fortisoar:7.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-29061

Products

Pricing

Contact Us