Lucene search
China National Vulnerability DatabaseCNVD-2022-87363HistoryOct 12, 2022 - 12:00 a.m.
Multiple Fortinet products vulnerable to information leakage
2022-10-1200:00:00
China National Vulnerability Database
www.cnvd.org.cn
12
fortinet
fortimanager
fortianalyzer
information leakage
security management
reporting
network log
data
vulnerability
exposure
remote attacker
EPSS
0.001
Percentile
48.1%
Fortinet FortiManager and Fortinet FortiAnalyzer, both from Fortinet, are a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. The product is mainly used to collect network log data and analyze, report and archive operations of security events, network traffic, Web content, etc. in the logs through the reporting suite. Multiple Fortinet products are vulnerable to an information disclosure vulnerability that stems from the exposure of resources to the wrong domain, which can be exploited by an unauthenticated remote attacker to access report template images by referring to names in the URL path.
Related
cvelist
cvelist
CVE-2022-26121
2022-10-10 00:00:00
fortinet
fortinet
FortiAnalyzer & FortiManager - improper authorization to template image
2022-10-10 00:00:00
nvd
nvd
CVE-2022-26121
2022-10-10 14:15:09
prion
prion
Path traversal
2022-10-10 14:15:00
cve
cve
CVE-2022-26121
2022-10-10 14:15:09