FortiSOAR - PostgreSQL DB access to local users
Summary
A missing authentication for critical function [CWE-306] vulnerabilty in FortiSOAR's Postgres database may allow a local attacker to access sensitive information via logging into the database using a privileged account without a password.
Affected Products
FortiSOAR 7.2 all versions
FortiSOAR 7.0 all versions
FortiSOAR 6.4 all versions
Solutions
Please upgrade to upcoming FortiSOAR version 7.3.0 or above