📦 FortiSOAR
by Fortinet
⚠️ Known Vulnerabilities
This vulnerability allows attackers to execute arbitrary code on Fortinet FortiSOAR systems by manipulating CSV files. Attackers can craft malicious CSV files containing formula elements that aren't p...
This CVE describes a local privilege escalation vulnerability in FortiSOAR where an attacker with existing low-privileged shell access can execute arbitrary OS commands with elevated privileges. It af...
An improper authorization vulnerability in FortiSOAR's change password endpoint allows authenticated attackers to perform brute force attacks against user and administrator passwords. This affects For...
This vulnerability allows authenticated attackers on the FortiSOAR administrative interface to perform unauthorized actions via crafted HTTP requests. It affects Fortinet FortiSOAR versions 7.3.0 thro...
CVE-2022-23443 is an improper access control vulnerability in Fortinet FortiSOAR that allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. This affects organizati...
This stored cross-site scripting (XSS) vulnerability in FortiSOAR's web interface allows authenticated attackers to inject malicious scripts into service requests. When other users view these requests...
A relative path traversal vulnerability in FortiSOAR allows authenticated attackers to read arbitrary files by uploading malicious solution packs. This affects FortiSOAR versions 7.3.x, 7.4.x, 7.5.0-7...
This vulnerability allows attackers to poison web caches by sending crafted HTTP requests with malicious Host headers to Fortinet devices. Attackers can redirect users to arbitrary malicious servers, ...
This vulnerability allows authenticated attackers to inject malicious scripts into FortiSOAR playbooks, which then execute in victims' browsers when viewing those playbooks. It affects FortiSOAR versi...
This vulnerability allows unauthenticated attackers to enumerate valid user accounts on Fortinet products by observing differences in login response behavior. Attackers can identify which usernames ex...
This is a stored cross-site scripting (XSS) vulnerability in Fortinet FortiSOAR's Communications module that allows authenticated attackers to inject malicious scripts into web pages. When exploited, ...
This CVE describes SQL injection vulnerabilities in FortiSOAR that allow authenticated attackers to execute unauthorized SQL commands via crafted string parameters. Affected systems include FortiSOAR ...