CVE-2024-48890
published 2025-01-14CVE-2024-48890: An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortisoar | — | — |
| fortinet | fortisoar | — | — |
| fortinet | fortisoar_imap_connector | < 3.5.8 | 3.5.8 |
| fortinet | fortisoarimapconnector | — | — |