fortisoar · threatengine.sh

CVE-2026-23708

>= 7.5.0 and < 7.5.3

A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiS

7.5HIGH

CVE-2026-22576

>= 7.3.0 and < 7.5.3

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 thr

4.3MEDIUM

CVE-2026-22574

>= 7.3.0 and < 7.5.3

A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 thr

4.1MEDIUM

CVE-2026-22573

>= 7.3.0 and <= 7.3.3

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 t

6.5MEDIUM

CVE-2026-22155

>= 7.3.0 and < 7.5.3

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5

6.5MEDIUM

CVE-2026-22154

>= 7.3.0 and < 7.5.3

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7

4.6MEDIUM

CVE-2026-21742

>= 7.3.0 and < 7.5.3

A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5

5.7MEDIUM

CVE-2025-59809

>= 7.3.0 and < 7.5.3

A server-side request forgery (ssrf) vulnerability [CWE-918] vulnerability in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0

4.3MEDIUM

CVE-2025-59810

>= 7.3.0 and < 7.5.2

An improper access control vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.1, Forti

6.5MEDIUM

CVE-2025-59808

>= 7.3.0 and < 7.5.2

An unverified password change vulnerability [CWE-620] vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS

6.8MEDIUM

CVE-2024-48891

>= 7.3.0 and < 7.5.2

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR

7.0HIGH

CVE-2025-32932

>= 6.4.0 and < 7.5.2

An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR versio

6.5MEDIUM

CVE-2024-48892

>= 7.3.0 and < 7.5.2

A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may a

6.8MEDIUM

CVE-2024-21760

>= 6.4.0 and <= 7.4.5

An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all ver

8.4HIGH

CVE-2022-23439

>= 6.4.0 and < 7.3.0

A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches

4.7MEDIUM

CVE-2024-48893

>= 7.2.1 and <= 7.3.3

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 thro

6.8MEDIUM

CVE-2024-47572

>= 7.2.1 and <= 7.2.2

An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute

9.0CRITICAL

CVE-2024-36510

>= 6.4.0 and < 7.3.3

An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and For

5.3MEDIUM

CVE-2024-45327

>= 7.0.0 and < 7.3.3

An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2

7.5HIGH

CVE-2023-26211

>= 6.4.0 and < 7.3.3

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2

6.8MEDIUM

CVE-2023-23775

>= 7.0.0 and < 7.2.1

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR

6.5MEDIUM

CVE-2024-31493

>= 7.0.0 and < 7.3.1

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, versio

6.5MEDIUM

CVE-2023-27995

>= 7.3.0 and < 7.3.2

A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 al

7.2HIGH

CVE-2023-25605

>= 7.3.0 and < 7.3.2

A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative

7.5HIGH

CVE-2022-38379

>= 7.0.0 and <= 7.0.3

Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authe

3.5LOW

CVE-2022-42473

>= 6.4.0 and <= 6.4.4

A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 all

5.3MEDIUM

CVE-2022-29061

>= 6.4.1 and <= 6.4.4

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet F

7.2HIGH

CVE-2022-35847

>= 6.4.0 and <= 6.4.4

An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interfac

6.3MEDIUM

CVE-2022-30298

>= 6.4.0 and <= 6.4.4

An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already foun

7.0HIGH

CVE-2022-29062

>= 7.0.0 and < 7.0.3

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to w

6.3MEDIUM

CVE-2022-23443

>= 6.4.0 and <= 6.4.4

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via craf

7.5HIGH

fortinet fortisoar