Improper access control on gateway API Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-041 Final 1 1 2022-05-03T00:00:00 Current version 2022-05-03T00:00:00 2022-05-03T00:00:00 An improper access control vulnerability [CWE-284] in FortiSOAR may allow an unauthenticated attacker to access gateway API data via crafted HTTP GET requests. None Information disclosure FortiSOAR versions 7.0.2 and below, FortiSOAR versions 6.4.4 and below,FortiSOAR versions 6.0.0,FortiSOAR versions 5.x.x Please upgrade to FortiSOAR version 7.2.0 or above. Internally discovered and reported by the FortiSOAR development team. CVE-2022-23443 6.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:T/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-22-041 Improper access control on gateway API Reference>