exploitDog

CVE-2024-48890

Опубликовано: 14 янв. 2025

Источник: nvd

CVSS3: 6.6

CVSS3: 8.8

EPSS Низкий

Описание

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook

Ссылки

https://fortiguard.fortinet.com/psirt/FG-IR-24-415
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fortinet:fortisoar_imap_connector:*:*:*:*:*:*:*:*

Версия до 3.5.8 (исключая)

EPSS

Процентиль: 76%

0.00919

Низкий

6.6 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-78

Связанные уязвимости

GHSA-8jwr-jm4q-89xr

CVSS3: 6.6

github

около 1 года назад

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook

EPSS

Процентиль: 76%

0.00919

Низкий

6.6 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-78