NotCVE - vendor:"Fortinet" product:"FortiSOAR" version:" >= 7.4.0 <= 7.4.4"

6 results (0.003 seconds)

CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-48892

https://notcve.org/view.php?id=CVE-2024-48892

12 Aug 2025 — A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack. • https://fortiguard.fortinet.com/psirt/FG-IR-24-421 • CWE-23: Relative Path Traversal •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2025-32932

https://notcve.org/view.php?id=CVE-2025-32932

12 Aug 2025 — An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests • https://fortiguard.fortinet.com/psirt/FG-IR-24-513 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0

CVE-2024-21760

https://notcve.org/view.php?id=CVE-2024-21760

18 Mar 2025 — An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code snippet. • https://fortiguard.fortinet.com/psirt/FG-IR-23-420 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0

CVE-2024-47572

https://notcve.org/view.php?id=CVE-2024-47572

14 Jan 2025 — An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file • https://fortiguard.fortinet.com/psirt/FG-IR-24-210 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •

CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0

CVE-2024-36510

https://notcve.org/view.php?id=CVE-2024-36510

14 Jan 2025 — An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses. • https://fortiguard.fortinet.com/psirt/FG-IR-24-071 • CWE-204: Observable Response Discrepancy •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2024-45327

https://notcve.org/view.php?id=CVE-2024-45327

11 Sep 2024 — An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTTP requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-048 • CWE-307: Improper Restriction of Excessive Authentication Attempts •