cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-48890,https://securityvulnerability.io/vulnerability/CVE-2024-48890,OS Command Injection in FortiSOAR IMAP Connector by Fortinet,"An OS Command Injection vulnerability exists in the FortiSOAR IMAP connector, specifically in version 3.5.7 and earlier. This flaw arises from the improper handling of special elements in an OS command context, which can allow an authenticated attacker to craft a malicious playbook and execute unauthorized code. Exploiting this vulnerability could lead to serious consequences, including unauthorized access to sensitive system functions.",Fortinet,Fortisoar,6.3,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2024-36510,https://securityvulnerability.io/vulnerability/CVE-2024-36510,Observable Response Discrepancy Vulnerability in Fortinet Products,"An observable response discrepancy vulnerability exists in FortiClientEMS and FortiSOAR, allowing unauthenticated attackers to potentially enumerate valid users by analyzing the variations in login request responses. This could lead to an increased risk of unauthorized access and exploitation. It is crucial for organizations using these Fortinet products to implement remedial measures to safeguard user authentication mechanisms and ensure robust security practices.",Fortinet,"Forticlientems,Fortisoar",4.9,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-14T14:15:00.000Z,0
CVE-2024-45327,https://securityvulnerability.io/vulnerability/CVE-2024-45327,Brute Force Attack Through Change Password Endpoint,"FortiSOAR, a security orchestration tool by Fortinet, contains an improper authorization vulnerability that may be exploited by authenticated attackers. This flaw exists within the change password endpoint across multiple versions, including 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, and 7.0.0 through 7.0.3. Attackers can leverage this vulnerability to conduct brute force password attacks through specially crafted HTTP requests, posing significant risks to user and administrator credentials.",Fortinet,Fortisoar,7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-09-11T09:53:46.087Z,0
CVE-2023-26211,https://securityvulnerability.io/vulnerability/CVE-2023-26211,Arbitrary Web Script or HTML Injection in FortiSOAR 7.3.0-7.3.2,"An improper neutralization of input during web page generation in Fortinet FortiSOAR versions 7.3.0 to 7.3.2 enables an authenticated remote attacker to exploit the Communications module. This vulnerability permits the injection of arbitrary web script or HTML, potentially compromising the security of web interactions and leading to unauthorized access to sensitive information.",Fortinet,Fortisoar,9,CRITICAL,0.0005000000237487257,false,false,false,false,,false,false,2024-08-13T15:51:56.864Z,0
CVE-2023-23775,https://securityvulnerability.io/vulnerability/CVE-2023-23775,Unauthorized Code Execution via SQL Injection in FortiSOAR,"The identified vulnerabilities in FortiSOAR products arise from multiple instances of improper handling of special elements in SQL commands, which are classified under SQL injection threats. These vulnerabilities enable an authenticated attacker to execute unauthorized commands by sending specially crafted string parameters. This may lead to severe implications for data integrity and system security, necessitating swift remedial actions.",Fortinet,Fortisoar,5.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-11T14:32:00.651Z,0
CVE-2024-31493,https://securityvulnerability.io/vulnerability/CVE-2024-31493,Plain-text Connector Passwords Vulnerability,"An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.",Fortinet,Fortisoar,6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-03T07:55:29.476Z,0
CVE-2023-27995,https://securityvulnerability.io/vulnerability/CVE-2023-27995,Remote Code Execution in Fortinet FortiSOAR by Authenticated Attackers,"Fortinet FortiSOAR versions 7.3.0 and 7.3.1 are susceptible to a vulnerability that allows an authenticated remote attacker to execute arbitrary code. This issue arises from improper handling of special elements within the template engine, enabling attackers to send specially crafted payloads that exploit the vulnerability. Organizations using affected versions are advised to take immediate action to mitigate potential security breaches.",Fortinet,Fortisoar,7.2,HIGH,0.0020000000949949026,false,false,false,false,,false,false,2023-04-11T17:15:00.000Z,0
CVE-2023-25605,https://securityvulnerability.io/vulnerability/CVE-2023-25605,Improper Access Control Flaw in Fortinet FortiSOAR Product,"An improper access control vulnerability exists in Fortinet's FortiSOAR, versions 7.3.0 and 7.3.1. This flaw allows an attacker who is already authenticated to the administrative interface to execute unauthorized actions by sending specially crafted HTTP requests. It highlights the risks posed by insufficient access controls and underscores the importance of robust security measures to safeguard administrative interfaces from unauthorized manipulation.",Fortinet,Fortisoar,7.5,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2023-03-07T17:15:00.000Z,0
CVE-2022-38379,https://securityvulnerability.io/vulnerability/CVE-2022-38379,,Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR.,Fortinet,Fortisoar,3.4,LOW,0.000539999979082495,false,false,false,false,,false,false,2022-12-06T16:00:58.746Z,0
CVE-2022-42473,https://securityvulnerability.io/vulnerability/CVE-2022-42473,,A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password.,Fortinet,Fortinet Fortisoar,5.3,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-11-02T00:00:00.000Z,0
CVE-2022-29061,https://securityvulnerability.io/vulnerability/CVE-2022-29061,,An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests.,Fortinet,Fortinet Fortisoar,7.2,HIGH,0.0014799999771639705,false,false,false,false,,false,false,2022-09-09T06:55:08.000Z,0
CVE-2022-35847,https://securityvulnerability.io/vulnerability/CVE-2022-35847,,"An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload.",Fortinet,Fortinet Fortisoar,6.3,MEDIUM,0.001120000029914081,false,false,false,false,,false,false,2022-09-06T15:15:28.000Z,0
CVE-2022-30298,https://securityvulnerability.io/vulnerability/CVE-2022-30298,,"An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.",Fortinet,Fortinet Fortisoar,7,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2022-09-06T15:10:29.000Z,0
CVE-2022-29062,https://securityvulnerability.io/vulnerability/CVE-2022-29062,,Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests.,Fortinet,Fortinet Fortisoar,6.3,MEDIUM,0.000859999970998615,false,false,false,false,,false,false,2022-09-06T15:10:24.000Z,0
CVE-2022-23443,https://securityvulnerability.io/vulnerability/CVE-2022-23443,,An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.,Fortinet,Fortinet Fortisoar,7.5,HIGH,0.0027099999133497477,false,false,false,false,,false,false,2022-05-04T15:25:21.000Z,0