First published: Tue Mar 07 2023(Updated: )
An improper neutralization of formula elements vulnerability (CWE 1236) in FortiAnalyzer may allow a local authenticated privileged attacker to execute arbitrary code on the end-user's host via inserting spreadsheet formulas in the macro names. This is achieved once the user downloads and opens the CSV report files.
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiAnalyzer | >=7.2.0<=7.2.1 | |
Fortinet FortiAnalyzer | >=7.0.0<=7.0.6 | |
Fortinet FortiAnalyzer | >=6.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.