History: Dec 06, 2022 - 5:15 p.m.

CVE-2022-38379

2022-12-06 17:15:10
CWE-79
fortinet
web.nvd.nist.gov
cve-2022-38379
fortisoar
cwe-79
security vulnerability
web application security

CVSS3: 5.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score: 5.3
Confidence: High

EPSS: 0.001
Percentile: 22.9%

Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR.

Affected configurations

Nvd
Node
fortinet fortisoar Range 7.0.0 - 7.0.3
OR
fortinet fortisoar Match 7.2.0

Vendor | Product | Version | CPE
fortinet | fortisoar | * | cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*
fortinet | fortisoar | 7.2.0 | cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Fortinet",
    "product": "FortiSOAR",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "7.2.0",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.3",
        "status": "affected"
      }
    ]
  }
]
