CVE-2022-35847

An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.4 may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-22-306 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*

Information

Published : 2022-09-06 06:15

Updated : 2022-09-09 02:35


NVD link : CVE-2022-35847

Mitre link : CVE-2022-35847

Products Affected
No products.