cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-42473,https://securityvulnerability.io/vulnerability/CVE-2022-42473,Missing Authentication Vulnerability in Fortinet FortiSOAR Products,"A vulnerability in Fortinet FortiSOAR across multiple versions allows an attacker to access sensitive information by exploiting a missing authentication mechanism. This flaw enables unauthorized users to log into the database with a privileged account without supplying a password, thus posing a significant risk to the confidentiality and integrity of the system.",Fortinet,Fortinet Fortisoar,5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-29061,https://securityvulnerability.io/vulnerability/CVE-2022-29061,OS Command Injection Vulnerability in Fortinet FortiSOAR,"An OS Command Injection flaw in Fortinet FortiSOAR prior to version 7.2.1 allows authenticated attackers to exploit the input handling of crafted HTTP GET requests. This vulnerability enables the execution of unauthorized commands, posing a significant risk to system integrity and confidentiality.",Fortinet,Fortinet Fortisoar,7.2,HIGH,0.0014799999771639705,false,,false,false,false,,,false,false,,2022-09-09T06:55:08.000Z,0
CVE-2022-35847,https://securityvulnerability.io/vulnerability/CVE-2022-35847,Improper Neutralization in FortiSOAR Management Interface,"An issue has been identified within the FortiSOAR management interface, where improper handling of special elements in the template engine can be exploited. A remote and authenticated attacker could leverage this vulnerability to execute arbitrary code through a specially crafted payload, posing significant risks to the integrity and security of affected systems.",Fortinet,Fortinet Fortisoar,6.3,MEDIUM,0.001120000029914081,false,,false,false,false,,,false,false,,2022-09-06T15:15:28.000Z,0
CVE-2022-30298,https://securityvulnerability.io/vulnerability/CVE-2022-30298,Improper Privilege Management in Fortinet FortiSOAR,"An improper privilege management vulnerability in Fortinet FortiSOAR allows a GUI user, who has potentially exploited system file modifications through other means, to execute arbitrary Python commands with root privileges. This could lead to unauthorized access and manipulation of sensitive system components.",Fortinet,Fortinet Fortisoar,7,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-09-06T15:10:29.000Z,0
CVE-2022-29062,https://securityvulnerability.io/vulnerability/CVE-2022-29062,Path Traversal Vulnerabilities in Fortinet FortiSOAR Software,"Fortinet FortiSOAR prior to version 7.2.1 is susceptible to multiple path traversal vulnerabilities. These vulnerabilities allow an authenticated attacker to craft specific HTTP requests that can manipulate file paths, granting unauthorized write access to the underlying filesystem with nginx permissions. Exploitation of these issues could lead to potential compromise of the affected system and its data integrity.",Fortinet,Fortinet Fortisoar,6.3,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2022-09-06T15:10:24.000Z,0
CVE-2022-23443,https://securityvulnerability.io/vulnerability/CVE-2022-23443,Improper Access Control in Fortinet FortiSOAR Affects Gateway API Data,Fortinet FortiSOAR prior to version 7.2.0 suffers from an improper access control vulnerability that allows unauthenticated attackers to gain access to sensitive gateway API data through specially crafted HTTP GET requests. This flaw can potentially expose critical information and lead to further exploitation if not addressed promptly.,Fortinet,Fortinet Fortisoar,7.5,HIGH,0.0027099999133497477,false,,false,false,false,,,false,false,,2022-05-04T15:25:21.000Z,0