Fortinet

Fortisoar

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-45327

  • EPSS 0.51%
  • Veröffentlicht 11.09.2024 10:15:02
  • Zuletzt bearbeitet 21.01.2025 21:58:26

An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on ...

9

CVE-2023-26211

  • EPSS 2.03%
  • Veröffentlicht 13.08.2024 16:15:08
  • Zuletzt bearbeitet 22.08.2024 14:33:54

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.

8.8

CVE-2023-23775

  • EPSS 0.06%
  • Veröffentlicht 11.06.2024 15:15:53
  • Zuletzt bearbeitet 21.01.2025 21:56:39

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR 7.2.0 and before 7.0.3 may allow an authenticated attacker to execute unauthorized code or commands via specifically cra...

6.5

CVE-2024-31493

  • EPSS 0.47%
  • Veröffentlicht 03.06.2024 08:15:09
  • Zuletzt bearbeitet 21.01.2025 21:49:55

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in...

8.8

CVE-2023-27995

  • EPSS 2.33%
  • Veröffentlicht 11.04.2023 17:15:08
  • Zuletzt bearbeitet 21.11.2024 07:53:53

A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload.

7.2

CVE-2023-25605

  • EPSS 0.24%
  • Veröffentlicht 07.03.2023 17:15:12
  • Zuletzt bearbeitet 21.11.2024 07:49:49

A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.

5.4

CVE-2022-38379

  • EPSS 0.63%
  • Veröffentlicht 06.12.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 07:16:21

Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR.

5.5

CVE-2022-42473

  • EPSS 0.05%
  • Veröffentlicht 02.11.2022 12:15:55
  • Zuletzt bearbeitet 21.11.2024 07:25:02

A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password.

7.2

CVE-2022-29061

  • EPSS 2.95%
  • Veröffentlicht 09.09.2022 07:15:07
  • Zuletzt bearbeitet 21.11.2024 06:58:25

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET req...

8.8

CVE-2022-35847

  • EPSS 1.43%
  • Veröffentlicht 06.09.2022 18:15:15
  • Zuletzt bearbeitet 21.11.2024 07:11:48

An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary cod...