Server side request forgery (ssrf)

2023-10-2010:15:00

PRIOn knowledge base

www.prio-n.com

ssrf

vulnerability

fortinet fortianalyzer

fortimanager

cwe-918

remote attacker

low privileges

sensitive data

internal servers

port scan

http request

nvd

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.7%

JSON

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.

CPENameOperatorVersion
fortianalyzereq7.4.0
fortianalyzerge7.2.0
fortianalyzerle7.2.3
fortianalyzerge7.0.2
fortianalyzerle7.0.8
fortianalyzerge6.4.8
fortianalyzerle6.4.13
fortimanagereq7.4.0
fortimanagerge7.2.0
fortimanagerle7.2.3

Name	Operator	Version
fortianalyzer	eq	7.4.0
fortianalyzer	ge	7.2.0
fortianalyzer	le	7.2.3
fortianalyzer	ge	7.0.2
fortianalyzer	le	7.0.8
fortianalyzer	ge	6.4.8
fortianalyzer	le	6.4.13
fortimanager	eq	7.4.0
fortimanager	ge	7.2.0
fortimanager	le	7.2.3