Improper Authorization in request headers

Summary

An improper access control vulnerability [CWE-284] in FortiSOAR's playbook component may allow an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.

Version                  | Affected            | Solution
FortiSOAR on-premise 7.3 | 7.3.0 through 7.3.1 | Upgrade to 7.3.2 or above
FortiSOAR on-premise 7.2 | Not affected        | Not Applicable
FortiSOAR on-premise 7.0 | Not affected        | Not Applicable
FortiSOAR on-premise 6.4 | Not affected        | Not Applicable

Timeline

2023-03-07: Initial publication