CVE-2024-21760

{"id": "CVE-2024-21760", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.7}]}, "published": "2025-03-18T14:15:38.297", "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-420", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "An improper control of generation of code ('Code Injection') vulnerability [CWE-94]\u00a0in\u00a0FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow\u00a0an authenticated attacker\u00a0to execute arbitrary code on the host via a playbook code snippet."}, {"lang": "es", "value": "Una vulnerabilidad de control inadecuado de generaci\u00f3n de c\u00f3digo ('Inyecci\u00f3n de c\u00f3digo') [CWE-94] en FortiSOAR Connector FortiSOAR 7.4 todas las versiones, 7.3 todas las versiones, 7.2 todas las versiones, 7.0 todas las versiones, 6.4 todas las versiones puede permitir que un atacante autenticado ejecute c\u00f3digo arbitrario en el host a trav\u00e9s de un fragmento de c\u00f3digo de libro de estrategias."}], "lastModified": "2025-07-24T19:17:39.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C95E579B-17EB-4099-A62B-FB8473429416", "versionEndIncluding": "7.4.5", "versionStartIncluding": "6.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}