3 matches found
Fortinet FortiAnalyzer / FortiManager 5.4.x < 5.4.3 Open Redirect (FG-IR-17-014)
The version of FortiAnalyzer or FortiManager running on the remote device is 5.4.x prior to 5.4.3. It is, therefore, affected by a cross-site redirection vulnerability in its web-based user interface due to improper validation of input before returning it to users. An unauthenticated, remote...
CVE-2017-3126
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows an attacker to execute unauthorized code or commands via the next parameter...
CVE-2017-3126
CVE-2017-3126 describes an open redirect in Fortinet FortiAnalyzer (versions 5.4.0–5.4.2) and FortiManager (versions 5.4.0–5.4.2) where a user-controlled next parameter enables redirects to an attacker‑chosen URL. The underlying cause is improper validation of input used for redirection in the We...