Vulnerabilities > Fortinet > Fortisoar > 7.3.0

DATE CVE VULNERABILITY TITLE RISK
2025-01-14 CVE-2024-36510 Information Exposure Through Discrepancy vulnerability in Fortinet Forticlientems and Fortisoar
An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses.
network
low complexity
fortinet CWE-203
5.3
5.3
2025-01-14 CVE-2024-48893 Cross-site Scripting vulnerability in Fortinet Fortisoar
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook.
network
low complexity
fortinet CWE-79
5.4
5.4
2024-09-11 CVE-2024-45327 Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortisoar
An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests.
network
high complexity
fortinet CWE-307
7.5
7.5
2024-08-13 CVE-2023-26211 Cross-site Scripting vulnerability in Fortinet Fortisoar
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.
network
low complexity
fortinet CWE-79
critical
 9.0
9.0
2024-06-03 CVE-2024-31493 Unspecified vulnerability in Fortinet Fortisoar
An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.
network
low complexity
fortinet
6.5
6.5
2023-04-11 CVE-2023-27995 Unspecified vulnerability in Fortinet Fortisoar 7.3.0/7.3.1
A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload.
network
low complexity
fortinet
8.8
8.8
2023-03-07 CVE-2023-25605 Unspecified vulnerability in Fortinet Fortisoar 7.3.0/7.3.1
A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.
network
low complexity
fortinet
7.2
7.2