FortiSOAR - PostgreSQL DB access to local users


A missing authentication for critical function [CWE-306] vulnerability in FortiSOAR's Postgres database may allow a local attacker to access sensitive information by logging into the database using a privileged account without a password.

Affected Products

FortiSOAR version 7.2.0 through 7.2.2
FortiSOAR version 7.0.0 through 7.0.3
FortiSOAR version 6.4.0 through 6.4.4


Please upgrade to the upcoming FortiSOAR version 7.3.0 or above.
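
As an added example (not part of Fortinet's advisory), the script below audits a PostgreSQL `pg_hba.conf` for rules that admit a connection with no credential at all, which is the condition the summary describes. It assumes the standard `pg_hba.conf` syntax and PostgreSQL's `trust` method; the advisory does not say how FortiSOAR's database is configured, and the sample file is constructed.

```python
import ipaddress
import shlex

# Constructed sample in standard pg_hba.conf syntax; not from a FortiSOAR host.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER      ADDRESS                     METHOD
local   all       postgres                              trust
local   all       all                                   peer
host    all       all       127.0.0.1/32                trust
host    all       all       ::1/128                     scram-sha-256
host    all       all       127.0.0.1 255.255.255.255   trust  # netmask form
hostssl appdb     appuser   10.0.0.0/8                  md5
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def passwordless_rules(text):
    """Return (line, type, database, user, address) for every `trust` rule."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)  # drops comments, honours quotes
        if not fields:
            continue
        conn = fields[0]
        if conn == "local":
            method_idx, address = 3, None          # local rules have no address
        elif conn.startswith("host"):
            # Address is one field (CIDR/hostname) or two (IP + netmask).
            two_part = len(fields) > 5 and _is_ip(fields[4])
            method_idx = 5 if two_part else 4
            address = " ".join(fields[3:method_idx])
        else:
            continue                               # include directives etc.
        if len(fields) > method_idx and fields[method_idx] == "trust":
            findings.append((lineno, conn, fields[1], fields[2], address))
    return findings

if __name__ == "__main__":
    for line, conn, db, user, addr in passwordless_rules(SAMPLE_PG_HBA):
        print(f"line {line}: {conn} db={db} user={user} addr={addr} -> trust")
```

`peer` rules are not flagged because they bind the database role to the connecting operating-system user rather than skipping authentication.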


Fortinet is pleased to thank Alok Agarwal from Fortinet's Dev team.