FortiSOAR - Improper access control on gateway API
An improper access control vulnerability [CWE-284] in FortiSOAR may allow an unauthenticated attacker to access gateway API data via crafted HTTP GET requests.
FortiSOAR versions 7.0.2 and below,
FortiSOAR versions 6.4.4 and below,
FortiSOAR versions 6.0.0,
FortiSOAR versions 5.x.x
Please upgrade to FortiSOAR version 7.2.0 or above.
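The version ranges listed above can be turned into an inventory check. The following is an added example, not code from Fortinet or from this advisory: the function names and the sample inventory are made up, and it assumes each "and below" range applies within its own minor branch (7.0.x, 6.4.x). Versions older than 7.2.0 that the advisory does not name are reported as "unlisted" rather than safe.

```python
import re

FIXED = (7, 2, 0)  # advisory: upgrade to 7.2.0 or above

def parse_version(text):
    """Return (major, minor, patch) from a string such as '7.0.2'."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def classify(text):
    """Classify one version as 'affected', 'fixed' or 'unlisted'."""
    v = parse_version(text)
    if v >= FIXED:
        return "fixed"
    major, _minor, patch = v
    listed = (
        major == 5                            # 5.x.x
        or v == (6, 0, 0)                     # 6.0.0
        or (v[:2] == (6, 4) and patch <= 4)   # 6.4.4 and below (assumed: 6.4 branch)
        or (v[:2] == (7, 0) and patch <= 2)   # 7.0.2 and below (assumed: 7.0 branch)
    )
    # Older than the fixed release but not named in the advisory:
    # report it for manual review instead of treating it as safe.
    return "affected" if listed else "unlisted"

def triage(inventory):
    """Map each host to a status; unparsable versions become 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = "unknown"
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"soar-a": "7.0.2", "soar-b": "7.2.0", "soar-c": "6.4.5", "soar-d": "n/a"}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```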
Install a security patch to fix this vulnerability on affected FortiSOAR versions as follows:
SSH to your FortiSOAR VM and log in as a root user.
Download the security patch file from the repository server using the following command:
Update the permissions of the file and run the following commands to apply the patch:
sudo chmod 755 nginx-security-patch