Vulnerabilities > Fortinet > Fortisoar
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-06 | CVE-2022-30298 | Improper Privilege Management vulnerability in Fortinet Fortisoar An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root. | 7.8 |
| 2022-09-06 | CVE-2022-35847 | Code Injection vulnerability in Fortinet Fortisoar An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload. | 8.8 |
| 2022-05-04 | CVE-2022-23443 | Unspecified vulnerability in Fortinet Fortisoar An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. | 7.5 |