CVE-2022-42473

CWE-306Missing Authentication4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 84.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Fortinet FortisoarFortinet Fortinet Fortisoar
Timeline
PublishedNov 2

Description

A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.8 | Impact: 3.4

Affected Packages2 packages

NVDfortinet/fortisoar6.4.06.4.4+2
CVEListV5fortinet/fortinet_fortisoarFortiSOAR 7.2.0, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.4, 6.4.3, 6.4.1, 6.4.0

🔴Vulnerability Details

2
GHSA
GHSA-2cgp-h7jq-hhwj: A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 62022-11-02
CVEList
CVE-2022-42473: A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 62022-11-02

📋Vendor Advisories

1
Fortinet
A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and...2022-11-02
CVE-2022-42473 (MEDIUM CVSS 5.5) | A missing authentication for a crit | cvebase.io