Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-48890

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook

Published

2025-01-14T14:15:33.187

Last Modified

2025-02-03T22:13:42.850

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.6 (MEDIUM)

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortisoar_imap_connector	< 3.5.8	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-415 Vendor Advisory ([email protected])