PSIRT Advisories

FortiSOAR - Improper Authorization in request headers


An improper access control vulnerability [CWE-284] in FortiSOAR's playbook component may allow an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.

Affected Products

FortiSOAR version 7.3.0 through 7.3.1


Please upgrade to FortiSOAR version 7.3.2 or above