CVE-2024-48892

Summary

A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via uploading a malicious solution pack.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSOAR7.6.0affected
FortinetFortiSOAR7.5.0 <= 7.5.1affected
FortinetFortiSOAR7.4.0 <= 7.4.5affected
FortinetFortiSOAR7.3.0 <= 7.3.3affected

Weaknesses

  • CWE-23: Information disclosure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References