PT-2022-6080 · Fortinet · Fortisoar

Published: 2022-05-03 · Updated: 2023-08-08 · CVE-2022-23443

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Fortinet FortiSOAR versions prior to 7.2.0

Description

An improper access control issue in Fortinet FortiSOAR allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. A remote attacker can exploit this to gain unauthorized access.

Recommendations

For versions prior to 7.2.0, update to version 7.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the gateway API to minimize the risk of exploitation.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2023-00015
CVE-2022-23443

Affected Products

Fortisoar