PSIRT Advisories
FortiSOAR - Path traversal vulnerabilities in the web API
Summary
Multiple relative path traversal vulnerabilities [CWE-23] in the web API of FortiSOAR may allow an authenticated attacker to write in the underlying filesystem with nginx permissions via crafted HTTP requests.
Affected Products
FortiSOAR version 7.2.0
FortiSOAR version 7.0.0 through 7.0.2
Solutions
Please upgrade to FortiSOAR version 7.2.1 or above
Please upgrade to FortiSOAR version 7.0.3 or above
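
The vulnerability class named in the summary (relative path traversal, CWE-23, reaching a file write) can be illustrated with a generic write handler. This is an added example, not FortiSOAR code and not taken from the advisory; the function names, the `uploads` directory and the sample file names are all hypothetical and constructed for illustration.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote

class TraversalError(ValueError):
    """Raised when a client-supplied name resolves outside the write root."""

def resolve_under(root: Path, client_name: str) -> Path:
    """Return the absolute target for client_name, or raise if it leaves root."""
    root = root.resolve()
    # Decode once, as a web framework would before handing the value over.
    name = unquote(client_name).replace("\\", "/")
    if "\x00" in name:
        raise TraversalError("NUL byte in name")
    # Path('/a') / '/etc/x' discards the root, so absolute names are refused.
    if name.startswith("/"):
        raise TraversalError("absolute path")
    # resolve() collapses '..' and follows symlinks that already exist on disk.
    target = (root / name).resolve()
    if not target.is_relative_to(root):  # Python 3.9+
        raise TraversalError(f"escapes root: {client_name!r}")
    return target

def safe_write(root: Path, client_name: str, data: bytes) -> Path:
    """Write data only if the resolved target stays inside root."""
    target = resolve_under(root, client_name)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target

def demo() -> dict:
    """Run constructed names through the check; True means the write was allowed."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "uploads"  # hypothetical write root
        root.mkdir()
        for name in ["report.txt", "a/../b.txt", "../escape.txt",
                     "%2e%2e/escape.txt", "a/../../escape.txt", "/tmp/abs.txt"]:
            try:
                safe_write(root, name, b"x")
                results[name] = True
            except TraversalError:
                results[name] = False
    return results
```

The check compares the fully resolved target against the resolved root rather than searching the string for `..`, so `a/../b.txt` is accepted while every name that lands outside the root is refused. Running the service account with a minimal writable area limits what remains reachable if such a check is missing.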