| IR Number | FG-IR-22-041 |
| Date | May 3, 2022 |
| Component | GUI |
| Severity |
Medium |
| CVSSv3 Score | 6.8 |
| Impact | Information disclosure |
| CVE ID | CVE-2022-23443 |
| Affected Products |
FortiSOAR
:
7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.1, 6.4.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiSOAR - Improper access control on gateway API
Summary
An improper access control vulnerability [CWE-284] in FortiSOAR may allow an unauthenticated attacker to access gateway API data via crafted HTTP GET requests.
Affected Products
FortiSOAR versions 7.0.2 and below,
FortiSOAR versions 6.4.4 and below,
FortiSOAR versions 6.0.0,
FortiSOAR versions 5.x.x
Solutions
Please upgrade to FortiSOAR version 7.2.0 or above.