PSIRT Advisories
FortiSOAR - Server-side Template Injection in playbook execution
Summary
An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in the FortiSOAR management interface may allow a remote, authenticated attacker to execute arbitrary code via a crafted payload.
Affected Products
FortiSOAR version 7.3.0 through 7.3.1
Solutions
Please upgrade to FortiSOAR version 7.4.0 or above
Please upgrade to FortiSOAR version 7.3.2 or above
Acknowledgement
Internally discovered and reported by Boumediene Kaddour from System and Sales Team
Timeline
2023-04-04: Initial publication
2023-04-12: Update Solutions and Acknowledgement