cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-23439,https://securityvulnerability.io/vulnerability/CVE-2022-23439,External Resource Referencing Vulnerability in Fortinet Products,"This vulnerability in Fortinet products allows attackers to perform web cache poisoning through specially crafted HTTP requests. By manipulating the 'Host' header to point to a malicious web server, an adversary can inject harmful resources into the cache, potentially impacting the integrity and availability of cached content for users. Multiple Fortinet products are affected, creating a significant security risk that necessitates prompt updates and remediation.",Fortinet,"Fortitester,FortiOS,Fortimail,Fortiswitch,Fortiddos-f,Fortiproxy,Fortirecorder,Fortindr,Fortiadc,Fortimanager,Fortisoar,Fortivoice,Fortiddos,Fortiwlc,Fortianalyzer,Fortiportal,Fortiauthenticator",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-22T10:15:00.000Z,0
CVE-2024-36510,https://securityvulnerability.io/vulnerability/CVE-2024-36510,Observable Response Discrepancy Vulnerability in Fortinet Products,"An observable response discrepancy vulnerability exists in FortiClientEMS and FortiSOAR, allowing unauthenticated attackers to potentially enumerate valid users by analyzing the variations in login request responses. This could lead to an increased risk of unauthorized access and exploitation. It is crucial for organizations using these Fortinet products to implement remedial measures to safeguard user authentication mechanisms and ensure robust security practices.",Fortinet,"Forticlientems,Fortisoar",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-48890,https://securityvulnerability.io/vulnerability/CVE-2024-48890,OS Command Injection in FortiSOAR IMAP Connector by Fortinet,"An OS Command Injection vulnerability exists in the FortiSOAR IMAP connector, specifically in version 3.5.7 and earlier. This flaw arises from the improper handling of special elements in an OS command context, which can allow an authenticated attacker to craft a malicious playbook and execute unauthorized code. Exploiting this vulnerability could lead to serious consequences, including unauthorized access to sensitive system functions.",Fortinet,Fortisoar,8.8,HIGH,0.0005200000014156103,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-47572,https://securityvulnerability.io/vulnerability/CVE-2024-47572,Improper Neutralization in Fortinet FortiSOAR Product for CSV File Handling,"Fortinet FortiSOAR versions 7.2.1 through 7.4.1 contain a vulnerability that allows attackers to inject malicious code through improperly sanitized elements in CSV files. By manipulating the data exchanged in CSV format, an unauthorized actor can execute arbitrary commands, potentially compromising the confidentiality, integrity, and availability of affected systems. This vulnerability underscores the importance of secure coding practices and thorough input validation to mitigate risks associated with file handling.",Fortinet,Fortisoar,8.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T14:15:00.000Z,0
CVE-2024-45327,https://securityvulnerability.io/vulnerability/CVE-2024-45327,Brute Force Attack Through Change Password Endpoint,"FortiSOAR, a security orchestration tool by Fortinet, contains an improper authorization vulnerability that may be exploited by authenticated attackers. This flaw exists within the change password endpoint across multiple versions, including 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, and 7.0.0 through 7.0.3. Attackers can leverage this vulnerability to conduct brute force password attacks through specially crafted HTTP requests, posing significant risks to user and administrator credentials.",Fortinet,Fortisoar,7.5,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-09-11T09:53:46.087Z,0
CVE-2023-26211,https://securityvulnerability.io/vulnerability/CVE-2023-26211,Arbitrary Web Script or HTML Injection in FortiSOAR 7.3.0-7.3.2,"An improper neutralization of input during web page generation in Fortinet FortiSOAR versions 7.3.0 to 7.3.2 enables an authenticated remote attacker to exploit the Communications module. This vulnerability permits the injection of arbitrary web script or HTML, potentially compromising the security of web interactions and leading to unauthorized access to sensitive information.",Fortinet,Fortisoar,9,CRITICAL,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-08-13T15:51:56.864Z,0
CVE-2023-23775,https://securityvulnerability.io/vulnerability/CVE-2023-23775,Unauthorized Code Execution via SQL Injection in FortiSOAR,"The identified vulnerabilities in FortiSOAR products arise from multiple instances of improper handling of special elements in SQL commands, which are classified under SQL injection threats. These vulnerabilities enable an authenticated attacker to execute unauthorized commands by sending specially crafted string parameters. This may lead to severe implications for data integrity and system security, necessitating swift remedial actions.",Fortinet,Fortisoar,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-06-11T14:32:00.651Z,0
CVE-2024-31493,https://securityvulnerability.io/vulnerability/CVE-2024-31493,Plain-text Connector Passwords Vulnerability,"An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.",Fortinet,Fortisoar,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-06-03T07:55:29.476Z,0
CVE-2023-27995,https://securityvulnerability.io/vulnerability/CVE-2023-27995,Remote Code Execution in Fortinet FortiSOAR by Authenticated Attackers,"Fortinet FortiSOAR versions 7.3.0 and 7.3.1 are susceptible to a vulnerability that allows an authenticated remote attacker to execute arbitrary code. This issue arises from improper handling of special elements within the template engine, enabling attackers to send specially crafted payloads that exploit the vulnerability. Organizations using affected versions are advised to take immediate action to mitigate potential security breaches.",Fortinet,Fortisoar,7.2,HIGH,0.0020000000949949026,false,,false,false,false,,,false,false,,2023-04-11T17:15:00.000Z,0
CVE-2023-25605,https://securityvulnerability.io/vulnerability/CVE-2023-25605,Improper Access Control Flaw in Fortinet FortiSOAR Product,"An improper access control vulnerability exists in Fortinet's FortiSOAR, versions 7.3.0 and 7.3.1. This flaw allows an attacker who is already authenticated to the administrative interface to execute unauthorized actions by sending specially crafted HTTP requests. It highlights the risks posed by insufficient access controls and underscores the importance of robust security measures to safeguard administrative interfaces from unauthorized manipulation.",Fortinet,Fortisoar,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2023-03-07T17:15:00.000Z,0
CVE-2022-38379,https://securityvulnerability.io/vulnerability/CVE-2022-38379,Web Application Security Flaw in FortiSOAR by Fortinet,"In FortiSOAR versions 7.0.0 through 7.0.3 and 7.2.0, an authenticated attacker can exploit a weakness in input handling, allowing the injection of malicious HTML tags. This vulnerability arises from improper neutralization during web page generation, which may compromise the integrity and security of web applications utilizing FortiSOAR.",Fortinet,Fortisoar,3.4,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2022-12-06T16:00:58.746Z,0
CVE-2022-42473,https://securityvulnerability.io/vulnerability/CVE-2022-42473,Missing Authentication Vulnerability in Fortinet FortiSOAR Products,"A vulnerability in Fortinet FortiSOAR across multiple versions allows an attacker to access sensitive information by exploiting a missing authentication mechanism. This flaw enables unauthorized users to log into the database with a privileged account without supplying a password, thus posing a significant risk to the confidentiality and integrity of the system.",Fortinet,Fortinet Fortisoar,5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-29061,https://securityvulnerability.io/vulnerability/CVE-2022-29061,OS Command Injection Vulnerability in Fortinet FortiSOAR,"An OS Command Injection flaw in Fortinet FortiSOAR prior to version 7.2.1 allows authenticated attackers to exploit the input handling of crafted HTTP GET requests. This vulnerability enables the execution of unauthorized commands, posing a significant risk to system integrity and confidentiality.",Fortinet,Fortinet Fortisoar,7.2,HIGH,0.0014799999771639705,false,,false,false,false,,,false,false,,2022-09-09T06:55:08.000Z,0
CVE-2022-35847,https://securityvulnerability.io/vulnerability/CVE-2022-35847,Improper Neutralization in FortiSOAR Management Interface,"An issue has been identified within the FortiSOAR management interface, where improper handling of special elements in the template engine can be exploited. A remote and authenticated attacker could leverage this vulnerability to execute arbitrary code through a specially crafted payload, posing significant risks to the integrity and security of affected systems.",Fortinet,Fortinet Fortisoar,6.3,MEDIUM,0.001120000029914081,false,,false,false,false,,,false,false,,2022-09-06T15:15:28.000Z,0
CVE-2022-30298,https://securityvulnerability.io/vulnerability/CVE-2022-30298,Improper Privilege Management in Fortinet FortiSOAR,"An improper privilege management vulnerability in Fortinet FortiSOAR allows a GUI user, who has potentially exploited system file modifications through other means, to execute arbitrary Python commands with root privileges. This could lead to unauthorized access and manipulation of sensitive system components.",Fortinet,Fortinet Fortisoar,7,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-09-06T15:10:29.000Z,0
CVE-2022-29062,https://securityvulnerability.io/vulnerability/CVE-2022-29062,Path Traversal Vulnerabilities in Fortinet FortiSOAR Software,"Fortinet FortiSOAR prior to version 7.2.1 is susceptible to multiple path traversal vulnerabilities. These vulnerabilities allow an authenticated attacker to craft specific HTTP requests that can manipulate file paths, granting unauthorized write access to the underlying filesystem with nginx permissions. Exploitation of these issues could lead to potential compromise of the affected system and its data integrity.",Fortinet,Fortinet Fortisoar,6.3,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2022-09-06T15:10:24.000Z,0
CVE-2022-23443,https://securityvulnerability.io/vulnerability/CVE-2022-23443,Improper Access Control in Fortinet FortiSOAR Affects Gateway API Data,"Fortinet FortiSOAR prior to version 7.2.0 suffers from an improper access control vulnerability that allows unauthenticated attackers to gain access to sensitive gateway API data through specially crafted HTTP GET requests. This flaw can potentially expose critical information and lead to further exploitation if not addressed promptly.",Fortinet,Fortinet Fortisoar,7.5,HIGH,0.0027099999133497477,false,,false,false,false,,,false,false,,2022-05-04T15:25:21.000Z,0