First published: Tue Oct 10 2023(Updated: )
A server-side request forgery vulnerability [CWE-918] in FortiAnalyzer and FortiManager may allow a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiAnalyzer | =. | |
Fortinet FortiAnalyzer | >=7.2.0<=7.2.3 | |
Fortinet FortiAnalyzer | >=7.0.2<=7.0.8 | |
Fortinet FortiAnalyzer | >=6.4.8<=6.4.15 | |
Fortinet FortiManager | =. | |
Fortinet FortiManager | >=7.2.0<=7.2.3 | |
Fortinet FortiManager | >=7.0.0<=7.0.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.