Fortisoar

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-13	CVE-2023-26211	Cross-site Scripting vulnerability in Fortinet Fortisoar An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module. network low complexity fortinet CWE-79 critical	9.0
2023-04-11	CVE-2023-27995	Unspecified vulnerability in Fortinet Fortisoar 7.3.0/7.3.1 A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload. network low complexity fortinet	8.8
2023-03-07	CVE-2023-25605	Unspecified vulnerability in Fortinet Fortisoar 7.3.0/7.3.1 A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. network low complexity fortinet	7.2
2022-12-06	CVE-2022-38379	Cross-site Scripting vulnerability in Fortinet Fortisoar Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR. network low complexity fortinet CWE-79	5.4
2022-11-02	CVE-2022-42473	Missing Authentication for Critical Function vulnerability in Fortinet Fortisoar A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password. local low complexity fortinet CWE-306	5.5
2022-09-09	CVE-2022-29061	OS Command Injection vulnerability in Fortinet Fortisoar An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests. network low complexity fortinet CWE-78	7.2
2022-09-06	CVE-2022-29062	Path Traversal vulnerability in Fortinet Fortisoar Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests. network low complexity fortinet CWE-22	6.5
2022-09-06	CVE-2022-30298	Improper Privilege Management vulnerability in Fortinet Fortisoar An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root. local low complexity fortinet CWE-269	7.8
2022-09-06	CVE-2022-35847	Code Injection vulnerability in Fortinet Fortisoar An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload. network low complexity fortinet CWE-94	8.8
2022-05-04	CVE-2022-23443	Unspecified vulnerability in Fortinet Fortisoar An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. network low complexity fortinet	7.5