Fortiguard

FortiSOAR - Improper Authorization in request headers

Summary

An improper access control vulnerability [CWE-284] in FortiSOAR's playbook component may allow an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.

Affected Products

FortiSOAR version 7.3.0 through 7.3.1

Solutions

Please upgrade to FortiSOAR version 7.3.2 or above

IR Number	FG-IR-23-050
Date	Mar 7, 2023
Severity	High
CVSSv3 Score	7.5
Impact	Improper access control
CVE ID	CVE-2023-25605
Affected Products	FortiSOAR : 7.3.1, 7.3.0
CVRF	Download

Network

Files and Endpoint

Application

Additional SOC Services

PSIRT Advisories

FortiSOAR - Improper Authorization in request headers

Summary

Affected Products

Solutions

News / Research

Network

Files and Endpoint

Application

Additional SOC Services

FortiGate

FortiDeceptor

FortiClient

FortiMail

FortiEDR

FortiADC

FortiAnalyzer

FortiCWP

FortiWeb

FortiNDR

FortiSandBox

FortiTester

Threat Lookup

PSIRT

Resources

PSIRT Advisories

FortiSOAR - Improper Authorization in request headers

Summary

Affected Products

Solutions