CVE-2022-35847

6.3MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortisoar
Vendor: CVE Published:; 6 September 2022

Summary

An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload.

Affected Version(s)

Fortinet FortiSOAR FortiSOAR 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4

References

https://fortiguard.com/psirt/FG-IR-22-306

x_refsource_CONFIRM

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 6, 2022
Vulnerability Reserved
Jul 13, 2022