Shodan
Vulnerabilities
Vulnerable Software
Fortinet:  >> Fortisoar  Security Vulnerabilities
CVE-2023-25605
A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-03-07
CVE-2022-38379
Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR.
CVSS Score
3.5
EPSS Score
0.004
Published
2022-12-06
CVE-2022-42473
A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-11-02
CVE-2022-29061
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests.
CVSS Score
7.2
EPSS Score
0.007
Published
2022-09-09
CVE-2022-30298
An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.
CVSS Score
7.0
EPSS Score
0.001
Published
2022-09-06
CVE-2022-35847
An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload.
CVSS Score
6.3
EPSS Score
0.003
Published
2022-09-06
CVE-2022-29062
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests.
CVSS Score
6.3
EPSS Score
0.002
Published
2022-09-06
CVE-2022-23443
An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.
CVSS Score
7.5
EPSS Score
0.018
Published
2022-05-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved