
CVE-2023-27995
https://notcve.org/view.php?id=CVE-2023-27995
11 Apr 2023 — An improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload. • https://fortiguard.com/psirt/FG-IR-23-051 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

CVE-2023-25605
https://notcve.org/view.php?id=CVE-2023-25605
07 Mar 2023 — An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-23-050 • CWE-284: Improper Access Control

CVE-2022-38379
https://notcve.org/view.php?id=CVE-2022-38379
06 Dec 2022 — Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR. • https://fortiguard.com/psirt/FG-IR-22-220 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-42473
https://notcve.org/view.php?id=CVE-2022-42473
02 Nov 2022 — A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password. • https://fortiguard.com/psirt/FG-IR-22-216 • CWE-306: Missing Authentication for Critical Function

CVE-2022-29061
https://notcve.org/view.php?id=CVE-2022-29061
09 Sep 2022 — An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests. • https://fortiguard.com/psirt/FG-IR-22-156 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-35847
https://notcve.org/view.php?id=CVE-2022-35847
06 Sep 2022 — An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload. • https://fortiguard.com/psirt/FG-IR-22-306 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2022-30298
https://notcve.org/view.php?id=CVE-2022-30298
06 Sep 2022 — An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root. • https://fortiguard.com/psirt/FG-IR-22-152 • CWE-269: Improper Privilege Management

CVE-2022-29062
https://notcve.org/view.php?id=CVE-2022-29062
06 Sep 2022 — Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allow an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-154 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2022-23443
https://notcve.org/view.php?id=CVE-2022-23443
04 May 2022 — An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. • https://fortiguard.com/psirt/FG-IR-22-041