FortiAnalyzer, FortiManager Open Redirect Vulnerability
Summary
The FortiAnalyzer and FortiManager WebUI accept a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Affected Products
FortiAnalyzer versions 5.4.0 to 5.4.2,FortiManager versions 5.4.0 to 5.4.2.
Preceding versions of FortiAnalyzer and FortiManager are not impacted
Solutions
For FortiAnalyzer: Upgrade to version 5.4.3 or 5.6.0 For FortiManager: Upgrade to version 5.4.3 or 5.6.0Acknowledgement
Fortinet is pleased to thank
- Ronan Dunne of Biocompatibles UK Ltd, and
- Babar Khan Akhunzada of SecurityWall.co & Khyber Pakhtunkhwa Govt Data Center