CVE-2024-48890

Name of the Vulnerable Software and Affected Versions: FortiSOAR IMAP connector versions 3.5.7 and below

Description: The issue is related to an improper neutralization of special elements used in an OS command, which may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook. This is due to an 'OS Command Injection' vulnerability.

Recommendations: For FortiSOAR IMAP connector versions 3.5.7 and below, update to a version above 3.5.7 to resolve the issue. As a temporary workaround, consider restricting access to the IMAP connector to minimize the risk of exploitation.