PSIRT

Multiple XSS vulnerabilities in FortiManager and FortiAnalyzer Web UI

Description

Prior to version 5.0.7, the Web User Interface of FortiManager and FortiAnalyzer is vulnerable to multiple reflected Cross-Site Scripting vulnerabilities.

Impact Detail

A remote unauthenticated attacker may be able to execute arbitrary scripts in the context of an authenticated user's browser session.

Affected Products

FortiManager and FortiAnalyzer < version 5.0.7

Solutions

Upgrade to 5.0.7 or above.

Acknowledgement

Oded Vanunu & Adi Volkovitz, Check Point Security Research Team.

IR Number	FG-IR-14-033
Published Date	Oct 30, 2014
Component	GUI
Severity	High
Impact	Cross-Site Scripting (reflected)
CVE ID	CVE-2014-2334 CVE-2014-2335 CVE-2014-2336
CVRF	Download

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

PSIRT

Multiple XSS vulnerabilities in FortiManager and FortiAnalyzer Web UI

Description

Impact Detail

Affected Products

Solutions

Acknowledgement

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

PSIRT

Multiple XSS vulnerabilities in FortiManager and FortiAnalyzer Web UI

Description

Impact Detail

Affected Products

Solutions

Acknowledgement

Threat Intelligence
Center