Missing Authentication Vulnerability in Fortinet FortiSOAR Products
CVE-2022-42473

5.3MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortisoar
Vendor: CVE Published:; 2 November 2022

What is CVE-2022-42473?

A vulnerability in Fortinet FortiSOAR across multiple versions allows an attacker to access sensitive information by exploiting a missing authentication mechanism. This flaw enables unauthorized users to log into the database with a privileged account without supplying a password, thus posing a significant risk to the confidentiality and integrity of the system.

Affected Version(s)

Fortinet FortiSOAR FortiSOAR 7.2.0, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.1, 6.4.0

References

https://fortiguard.com/psirt/FG-IR-22-216

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2022
Vulnerability Reserved
Oct 7, 2022