Improper Neutralization in FortiSOAR Management Interface
CVE-2022-35847

6.3MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortisoar
Vendor: CVE Published:; 6 September 2022

What is CVE-2022-35847?

An issue has been identified within the FortiSOAR management interface, where improper handling of special elements in the template engine can be exploited. A remote and authenticated attacker could leverage this vulnerability to execute arbitrary code through a specially crafted payload, posing significant risks to the integrity and security of affected systems.

Affected Version(s)

Fortinet FortiSOAR FortiSOAR 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4

References

https://fortiguard.com/psirt/FG-IR-22-306

x_refsource_CONFIRM

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2022
Vulnerability Reserved
Jul 13, 2022