Fortisoar On Premise
Monthly
Fortinet FortiSOAR (both PaaS and on-premise versions 7.3-7.6.3) contains a path traversal vulnerability in File Content Extraction actions that allows authenticated remote attackers to read arbitrary files outside the intended directory with high confidentiality impact. The vulnerability requires valid credentials and is exploitable over the network with no user interaction; CVSS 6.5 reflects medium-to-high severity for a cloud security platform handling sensitive workflows.
Authentication bypass in Fortinet FortiSOAR allows unauthenticated remote attackers to circumvent two-factor authentication (2FA) protections via replay attacks against intercepted authentication tokens. Affects both PaaS and on-premise deployments of FortiSOAR versions 7.5.0-7.5.2 and 7.6.0-7.6.3. Successful exploitation requires network positioning to intercept and decrypt authentication traffic, then replay captured 2FA requests before token expiration (CVSS:3.1/AV:N/AC:H/PR:N/UI:R). EPSS data not available; no public exploit code or CISA KEV listing identified at time of analysis, though the precise attack requirements (traffic interception, decryption, timing) increase complexity beyond simple network access.
Server-side request forgery in Fortinet FortiSOAR (both PaaS and on-premise versions 7.3 through 7.6.4) allows authenticated attackers to discover services running on local ports by crafting malicious requests. The vulnerability requires valid user credentials and carries a CVSS score of 4.3 with low confidentiality impact; no public exploit code or active exploitation has been confirmed at this time.
Fortinet FortiSOAR transmits sensitive information in cleartext over the network, allowing authenticated remote attackers to disclose confidential data. The vulnerability affects both PaaS and on-premise deployments across versions 7.3 through 7.6.x, with CVSS 6.5 reflecting moderate confidentiality impact requiring low-privilege authentication. No public exploit code or active exploitation has been confirmed at time of analysis.
Fortinet FortiSOAR (both PaaS and on-premise versions 7.3-7.6.x) transmits sensitive authentication credentials in cleartext in API responses for Secure Message Exchange and RADIUS configurations, allowing authenticated attackers with network access to intercept and view passwords. The vulnerability requires user interaction (UI:R) and prior authentication (PR:L), affecting confidentiality of stored credentials in these integrations with a CVSS score of 5.7.
Fortinet FortiSOAR stores LDAP service account passwords in a recoverable format, allowing authenticated high-privilege remote attackers to retrieve plaintext or weakly protected credentials by modifying the LDAP server address in configuration. This affects FortiSOAR PaaS and on-premise versions 7.3 through 7.6.4. The vulnerability requires high-level administrative authentication and poses a confidentiality risk to stored credentials, with no evidence of active exploitation or public exploit code at time of analysis.
Stored cross-site scripting (XSS) in Fortinet FortiSOAR allows authenticated remote attackers to inject malicious scripts via crafted HTTP requests, affecting both PaaS and on-premise deployments across versions 7.3 through 7.6.3. The vulnerability requires user interaction to trigger the payload and results in limited confidentiality and integrity impact, with a CVSS score of 4.6 reflecting the authentication requirement and user-interaction dependency. No public exploit code or active exploitation has been confirmed at the time of analysis.
Fortinet FortiSOAR PaaS and on-premise versions 7.3 through 7.6.4 store connector passwords in a recoverable format, allowing authenticated remote attackers to retrieve plaintext or weakly encrypted credentials for multiple installed connectors by modifying the server address in connector configuration. This affects security orchestration workflows that depend on connector authentication for external integrations.
Fortinet FortiSOAR (both PaaS and on-premise versions 7.3-7.6.3) contains a path traversal vulnerability in File Content Extraction actions that allows authenticated remote attackers to read arbitrary files outside the intended directory with high confidentiality impact. The vulnerability requires valid credentials and is exploitable over the network with no user interaction; CVSS 6.5 reflects medium-to-high severity for a cloud security platform handling sensitive workflows.
Authentication bypass in Fortinet FortiSOAR allows unauthenticated remote attackers to circumvent two-factor authentication (2FA) protections via replay attacks against intercepted authentication tokens. Affects both PaaS and on-premise deployments of FortiSOAR versions 7.5.0-7.5.2 and 7.6.0-7.6.3. Successful exploitation requires network positioning to intercept and decrypt authentication traffic, then replay captured 2FA requests before token expiration (CVSS:3.1/AV:N/AC:H/PR:N/UI:R). EPSS data not available; no public exploit code or CISA KEV listing identified at time of analysis, though the precise attack requirements (traffic interception, decryption, timing) increase complexity beyond simple network access.
Server-side request forgery in Fortinet FortiSOAR (both PaaS and on-premise versions 7.3 through 7.6.4) allows authenticated attackers to discover services running on local ports by crafting malicious requests. The vulnerability requires valid user credentials and carries a CVSS score of 4.3 with low confidentiality impact; no public exploit code or active exploitation has been confirmed at this time.
Fortinet FortiSOAR transmits sensitive information in cleartext over the network, allowing authenticated remote attackers to disclose confidential data. The vulnerability affects both PaaS and on-premise deployments across versions 7.3 through 7.6.x, with CVSS 6.5 reflecting moderate confidentiality impact requiring low-privilege authentication. No public exploit code or active exploitation has been confirmed at time of analysis.
Fortinet FortiSOAR (both PaaS and on-premise versions 7.3-7.6.x) transmits sensitive authentication credentials in cleartext in API responses for Secure Message Exchange and RADIUS configurations, allowing authenticated attackers with network access to intercept and view passwords. The vulnerability requires user interaction (UI:R) and prior authentication (PR:L), affecting confidentiality of stored credentials in these integrations with a CVSS score of 5.7.
Fortinet FortiSOAR stores LDAP service account passwords in a recoverable format, allowing authenticated high-privilege remote attackers to retrieve plaintext or weakly protected credentials by modifying the LDAP server address in configuration. This affects FortiSOAR PaaS and on-premise versions 7.3 through 7.6.4. The vulnerability requires high-level administrative authentication and poses a confidentiality risk to stored credentials, with no evidence of active exploitation or public exploit code at time of analysis.
Stored cross-site scripting (XSS) in Fortinet FortiSOAR allows authenticated remote attackers to inject malicious scripts via crafted HTTP requests, affecting both PaaS and on-premise deployments across versions 7.3 through 7.6.3. The vulnerability requires user interaction to trigger the payload and results in limited confidentiality and integrity impact, with a CVSS score of 4.6 reflecting the authentication requirement and user-interaction dependency. No public exploit code or active exploitation has been confirmed at the time of analysis.
Fortinet FortiSOAR PaaS and on-premise versions 7.3 through 7.6.4 store connector passwords in a recoverable format, allowing authenticated remote attackers to retrieve plaintext or weakly encrypted credentials for multiple installed connectors by modifying the server address in connector configuration. This affects security orchestration workflows that depend on connector authentication for external integrations.