CVE-2022-23443
published 2022-05-04CVE-2022-23443: An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortinet_fortisoar | — | — |
| fortinet | fortisoar | — | — |
| fortinet | fortisoar | — | — |
| fortinet | fortisoar | 6.4.0 – 6.4.4 | — |
| fortinet | fortisoar | 7.0.0 – 7.0.2 | — |