Missing Authentication Vulnerability in Fortinet FortiSOAR Products
CVE-2022-42473
5.3MEDIUM
Summary
A vulnerability in Fortinet FortiSOAR across multiple versions allows an attacker to access sensitive information by exploiting a missing authentication mechanism. This flaw enables unauthorized users to log into the database with a privileged account without supplying a password, thus posing a significant risk to the confidentiality and integrity of the system.
Affected Version(s)
Fortinet FortiSOAR FortiSOAR 7.2.0, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.1, 6.4.0
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved