First published: Thu Sep 24 2020
An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script-related HTML tags via the Name parameter of Storage Connectors.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiAnalyzer | =6.2.5 | |
Fortinet FortiAnalyzer | =6.4.0 | |
Fortinet FortiAnalyzer | =6.4.1 | |
Fortinet FortiTester | <=3.7.0 | |
Fortinet FortiTester | =3.8.0 | |
The vulnerability ID for this vulnerability is CVE-2020-12817.
The severity level of CVE-2020-12817 is high, with a severity value of 8.8.
FortiAnalyzer versions 6.2.5, 6.4.0, and 6.4.1 are affected by CVE-2020-12817.
A remote authenticated attacker can exploit CVE-2020-12817 by injecting script-related HTML tags via the Name parameter of Storage Connectors.
You can find more information about CVE-2020-12817 at the following reference: https://fortiguard.com/advisory/FG-IR-20-054