FortiSOAR - Improper access control on gateway API

Summary

An improper access control vulnerability [CWE-284] in FortiSOAR may allow an unauthenticated attacker to access gateway API data via crafted HTTP GET requests.

Affected Products

FortiSOAR versions 7.0.2 and below, 
FortiSOAR versions 6.4.4 and below,
FortiSOAR versions 6.0.0,
FortiSOAR versions 5.x.x

Solutions

Please upgrade to FortiSOAR version 7.2.0 or above.

Acknowledgement

Internally discovered and reported by the FortiSOAR development team.