Fortinet

Fortisoar

20 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.9

CVE-2024-48892

  • EPSS 0.06%
  • Published 12.08.2025 19:00:07
  • Last modified 14.08.2025 01:14:06

A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.

5.4

CVE-2025-32932

  • EPSS 0.05%
  • Published 12.08.2025 19:00:01
  • Last modified 15.08.2025 12:25:28

An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 ...

8.4

CVE-2024-21760

  • EPSS 0.13%
  • Published 18.03.2025 13:56:44
  • Last modified 24.07.2025 19:17:39

An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execu...

6.1

CVE-2022-23439

  • EPSS 0.06%
  • Published 22.01.2025 10:15:07
  • Last modified 12.02.2025 13:39:42

A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before v...

5.4

CVE-2024-48893

  • EPSS 0.13%
  • Published 14.01.2025 14:15:33
  • Last modified 03.02.2025 22:12:20

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of ...

8

CVE-2024-47572

  • EPSS 0.15%
  • Published 14.01.2025 14:15:32
  • Last modified 16.07.2025 13:03:52

An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file

5.3

CVE-2024-36510

  • EPSS 0.12%
  • Published 14.01.2025 14:15:30
  • Last modified 31.01.2025 16:30:50

An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a...

7.5

CVE-2024-45327

  • EPSS 0.09%
  • Published 11.09.2024 10:15:02
  • Last modified 21.01.2025 21:58:26

An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on ...

9

CVE-2023-26211

  • EPSS 1.05%
  • Published 13.08.2024 16:15:08
  • Last modified 22.08.2024 14:33:54

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.

8.8

CVE-2023-23775

  • EPSS 0.06%
  • Published 11.06.2024 15:15:53
  • Last modified 21.01.2025 21:56:39

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR 7.2.0 and before 7.0.3 may allow an authenticated attacker to execute unauthorized code or commands via specifically cra...