An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path.
2022-10-10T14:15:09.727
2024-11-21T06:53:28.427
Modified
CVSSv3.1: 3.7 (LOW)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | fortimanager | ≤ 5.6.11 | Yes |
| Application | fortinet | fortimanager | ≤ 6.0.11 | Yes |
| Application | fortinet | fortimanager | ≤ 6.2.9 | Yes |
| Application | fortinet | fortimanager | ≤ 6.4.8 | Yes |
| Application | fortinet | fortimanager | ≤ 7.0.3 | Yes |
| Application | fortinet | fortianalyzer | ≤ 5.6.11 | Yes |
| Application | fortinet | fortianalyzer | ≤ 6.0.11 | Yes |
| Application | fortinet | fortianalyzer | ≤ 6.2.9 | Yes |
| Application | fortinet | fortianalyzer | ≤ 6.4.8 | Yes |
| Application | fortinet | fortianalyzer | ≤ 7.0.3 | Yes |