A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 up to and including 7.2.3 and prior to 7.0.8 and FortiManager version 7.4.0, version 7.2.0 up to and including 7.2.3 and prior to 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortianalyzer 7.4.0 |
||
fortinet fortianalyzer |
||
fortinet fortimanager 7.4.0 |
||
fortinet fortimanager |