Vulnerabilities > Fortinet > Fortisoar > 7.3.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2024-36510 | Information Exposure Through Discrepancy vulnerability in Fortinet Forticlientems and Fortisoar An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses. | 5.3 |
| 2025-01-14 | CVE-2024-48893 | Cross-site Scripting vulnerability in Fortinet Fortisoar An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook. | 5.4 |
| 2024-09-11 | CVE-2024-45327 | Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortisoar An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests. | 7.5 |
| 2024-08-13 | CVE-2023-26211 | Cross-site Scripting vulnerability in Fortinet Fortisoar An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module. | 9.0 |