CVE-2022-42477

🗓️ 11 Apr 2023 16:06:17Reported by fortinetType

FortiAnalyzer input validation vulnerability CVE-2022-42477 disclosure risk

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the Fortinet FortiManager software, which is used for centralized device management, and the Fortinet FortiAnalyzer software, which is used for event monitoring and analysis, stems from improper validation of input data. This vulnerability allows an attacker to gain access to information about the file system.	15 Nov 202400:00	–	bdu_fstec
Circl	CVE-2022-42477	11 Apr 202320:23	–	circl
CNNVD	Fortinet FortiAnalyzer 输入验证错误漏洞	11 Apr 202300:00	–	cnnvd
CNVD	Fortinet FortiAnalyzer Input Validation Error Vulnerability	18 Apr 202300:00	–	cnvd
CVE	CVE-2022-42477	11 Apr 202316:06	–	cve
EUVD	EUVD-2022-45547	3 Oct 202520:07	–	euvd
Fortinet	FortiAnalyzer - Improper input validation in custom dataset	11 Apr 202300:00	–	fortinet
NVD	CVE-2022-42477	11 Apr 202317:15	–	nvd
Prion	Input validation	11 Apr 202317:15	–	prion
RedhatCVE	CVE-2022-42477	9 Jan 202608:43	–	redhatcve

[
  {
    "vendor": "Fortinet",
    "product": "FortiAnalyzer",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "versionType": "semver",
        "version": "7.2.0",
        "lessThanOrEqual": "7.2.1",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "7.0.0",
        "lessThanOrEqual": "7.0.6",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "6.4.0",
        "lessThanOrEqual": "6.4.10",
        "status": "affected"
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.com/psirt/FG-IR-22-432

11 Apr 2023 16:06Current

7.2High risk

Vulners AI Score7.2

CVSS 3.17.1

EPSS0.00064

CWE-20