Vulnerabilities > Fortinet > Fortisoar > 7.0.2

DATE CVE VULNERABILITY TITLE RISK
2022-11-02 CVE-2022-42473 Missing Authentication for Critical Function vulnerability in Fortinet Fortisoar
A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password.
local
low complexity
fortinet CWE-306
5.5
5.5
2022-09-06 CVE-2022-35847 Code Injection vulnerability in Fortinet Fortisoar
An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload.
network
low complexity
fortinet CWE-94
8.8
8.8
2022-05-04 CVE-2022-23443 Unspecified vulnerability in Fortinet Fortisoar
An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.
network
low complexity
fortinet
7.5
7.5