An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-432 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
18 Apr 2023, 19:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-11 17:15
Updated : 2024-02-04 23:37
NVD link : CVE-2022-42477
Mitre link : CVE-2022-42477
CVE.ORG link : CVE-2022-42477
JSON object : View
Products Affected
fortinet
- fortianalyzer
CWE
CWE-20
Improper Input Validation