CVE-2024-21760: Code Injection
First published: Tue Mar 18 2025(Updated: )
An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker to execute arbitrary code on the host via a playbook code snippet.
Credit: psirt@fortinet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fortinet FortiSOAR Imap Connector | <=7.4<=7.3<=7.2<=7.0<=6.4 |
Remedy
Please upgrade to FortiSOAR version 7.5.0 or above
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-21760?
CVE-2024-21760 is considered a high severity vulnerability due to its capability to allow arbitrary code execution.
How do I fix CVE-2024-21760?
To fix CVE-2024-21760, update FortiSOAR to the latest version provided by Fortinet that addresses this vulnerability.
Who is affected by CVE-2024-21760?
CVE-2024-21760 affects all versions of FortiSOAR from 6.4 up to 7.4.
What type of vulnerability is CVE-2024-21760?
CVE-2024-21760 is a code injection vulnerability classified under CWE-94.
Can an unauthenticated user exploit CVE-2024-21760?
No, CVE-2024-21760 requires an authenticated user to exploit the vulnerability.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/source
- agent/severity
- agent/tags
- agent/event
- vendor/fortinet
- canonical/fortinet fortisoar imap connector