Fortinet

Fortisoar

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2024-48892

  • EPSS 0.06%
  • Veröffentlicht 12.08.2025 19:00:07
  • Zuletzt bearbeitet 14.08.2025 01:14:06

A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.

5.4

CVE-2025-32932

  • EPSS 0.05%
  • Veröffentlicht 12.08.2025 19:00:01
  • Zuletzt bearbeitet 15.08.2025 12:25:28

An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 ...

8.4

CVE-2024-21760

  • EPSS 0.13%
  • Veröffentlicht 18.03.2025 13:56:44
  • Zuletzt bearbeitet 24.07.2025 19:17:39

An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execu...

6.1

CVE-2022-23439

  • EPSS 0.06%
  • Veröffentlicht 22.01.2025 10:15:07
  • Zuletzt bearbeitet 12.02.2025 13:39:42

A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before v...

5.4

CVE-2024-48893

  • EPSS 0.13%
  • Veröffentlicht 14.01.2025 14:15:33
  • Zuletzt bearbeitet 03.02.2025 22:12:20

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of ...

8

CVE-2024-47572

  • EPSS 0.15%
  • Veröffentlicht 14.01.2025 14:15:32
  • Zuletzt bearbeitet 16.07.2025 13:03:52

An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file

5.3

CVE-2024-36510

  • EPSS 0.12%
  • Veröffentlicht 14.01.2025 14:15:30
  • Zuletzt bearbeitet 31.01.2025 16:30:50

An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a...

7.5

CVE-2024-45327

  • EPSS 0.09%
  • Veröffentlicht 11.09.2024 10:15:02
  • Zuletzt bearbeitet 21.01.2025 21:58:26

An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on ...

9

CVE-2023-26211

  • EPSS 1.05%
  • Veröffentlicht 13.08.2024 16:15:08
  • Zuletzt bearbeitet 22.08.2024 14:33:54

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.

8.8

CVE-2023-23775

  • EPSS 0.06%
  • Veröffentlicht 11.06.2024 15:15:53
  • Zuletzt bearbeitet 21.01.2025 21:56:39

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR 7.2.0 and before 7.0.3 may allow an authenticated attacker to execute unauthorized code or commands via specifically cra...