FortiManager & FortiAnalyzer - SSRF in FortiGuard Outbreak feature

2023-06-1200:00:00

FortiGuard Labs

www.fortiguard.com

server-side request forgery

cwe-918

fortimanager

fortianalyzer

remote attacker

web requests

0.001 Low

EPSS

Percentile

26.0%

JSON

A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests.

CPENameOperatorVersion
fortianalyzereq7.2.1
fortianalyzereq7.2.0
fortianalyzereq7.0.6
fortianalyzereq7.0.5
fortianalyzereq7.0.4
fortianalyzereq7.0.3
fortianalyzereq7.0.2
fortianalyzereq7.0.1
fortianalyzereq7.0.0
fortianalyzereq6.4.9

Name	Operator	Version
fortianalyzer	eq	7.2.1
fortianalyzer	eq	7.2.0
fortianalyzer	eq	7.0.6
fortianalyzer	eq	7.0.5
fortianalyzer	eq	7.0.4
fortianalyzer	eq	7.0.3
fortianalyzer	eq	7.0.2
fortianalyzer	eq	7.0.1
fortianalyzer	eq	7.0.0
fortianalyzer	eq	6.4.9

Rows per page:

1-10 of 261

0.001 Low

EPSS

Percentile

26.0%

JSON

Related for FG-IR-22-493