FortiSOAR - Server-Side Template Injection in Playbook component


An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload.

Affected Products

FortiSOAR version 7.2.0
FortiSOAR version 7.0.0 through 7.0.3
FortiSOAR version 6.4.0 through 6.4.4


Please upgrade to FortiSOAR version 7.2.1 or above