CVE-2022-42477

An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-22-432 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*

History

18 Apr 2023, 19:52

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-11 17:15

Updated : 2024-02-04 23:37


NVD link : CVE-2022-42477

Mitre link : CVE-2022-42477

CVE.ORG link : CVE-2022-42477


JSON object : View

Products Affected

fortinet

  • fortianalyzer
CWE
CWE-20

Improper Input Validation