CVE-2022-23443

CWE-863Incorrect Authorization4 documents4 sources
Severity
7.5HIGH
EPSS
1.8%
top 17.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortisoarFortinet Fortinet Fortisoar
Timeline
PublishedMay 4
Latest updateMay 5

Description

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDfortinet/fortisoar6.4.06.4.4+2
CVEListV5fortinet/fortinet_fortisoarFortiSOAR 7.0.2, 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.1, 6.4.0, 6.0.0, 5.x.x

🔴Vulnerability Details

2
GHSA
GHSA-cj8v-3m6g-6r37: An improper access control in Fortinet FortiSOAR before 72022-05-05
CVEList
CVE-2022-23443: An improper access control in Fortinet FortiSOAR before 72022-05-04

📋Vendor Advisories

1
Fortinet
An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API dat...2022-05-04
CVE-2022-23443 (HIGH CVSS 7.5) | An improper access control in Forti | cvebase.io