Vulnerabilities > Fortinet > Fortisoar > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2024-06-03 | CVE-2024-31493 | Unspecified vulnerability in Fortinet FortiSOAR | An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low-privileged user to read Connector passwords in plain text via HTTP responses. | network | low | fortinet | 6.5 |
| 2022-12-06 | CVE-2022-38379 | Cross-site Scripting vulnerability in Fortinet FortiSOAR | Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR. | network | low | fortinet, CWE-79 | 5.4 |
| 2022-11-02 | CVE-2022-42473 | Missing Authentication for Critical Function vulnerability in Fortinet FortiSOAR | A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information by logging into the database using a privileged account without a password. | local | low | fortinet, CWE-306 | 5.5 |
| 2022-09-06 | CVE-2022-29062 | Path Traversal vulnerability in Fortinet FortiSOAR | Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allow an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests. | network | low | fortinet, CWE-22 | 6.5 |