FortiSOAR - Server-Side Template Injection in Playbook component
An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload.
Affected ProductsFortiSOAR version 7.2.0
FortiSOAR version 7.0.0 through 7.0.3
FortiSOAR version 6.4.0 through 6.4.4
Please upgrade to FortiSOAR version 7.2.1 or above