An improper access control vulnerability [CWE-284] in FortiSOAR may allow an unauthenticated attacker to access gateway API data via crafted HTTP GET requests.
FortiSOAR versions 7.0.2 and below,
FortiSOAR versions 6.4.4 and below,
FortiSOAR versions 6.0.0,
FortiSOAR versions 5.x.x
Please upgrade to FortiSOAR version 7.2.0 or above.