Fortinet FortiManager and Fortinet FortiAnalyzer Server-Side Request Forgery Vulnerability

Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. The product is primarily used to collect network log data and analyze, report, and archive security events, network traffic, and Web content in the logs through the reporting suite.A server-side request forgery vulnerability exists in Fortinet FortiManager and Fortinet FortiAnalyzer, which stems from the failure of the FortiManager and FortiAnalyser GUI fails to properly validate user input, and an attacker can exploit the vulnerability to access unauthorized files and services on the system via specially crafted Web requests.