FortiSOAR - Improper access control on gateway API


An improper access control vulnerability [CWE-284] in FortiSOAR may allow an unauthenticated attacker to access gateway API data via crafted HTTP GET requests.

Affected Products

FortiSOAR versions 7.0.2 and below
FortiSOAR versions 6.4.4 and below
FortiSOAR versions 6.0.0
FortiSOAR versions 5.x.x


Please upgrade to FortiSOAR version 7.2.0 or above.


Internally discovered and reported by the FortiSOAR development team.