PSIRT Advisories

FortiAnalyzer, FortiManager Open Redirect Vulnerability


The FortiAnalyzer and FortiManager WebUI accept a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Affected Products

  • FortiAnalyzer versions 5.4.0 to 5.4.2, 
  • FortiManager versions 5.4.0 to 5.4.2.

Preceding versions of FortiAnalyzer and FortiManager are not impacted


For FortiAnalyzer:

  • Upgrade to version 5.4.3

For FortiManager:

  • Upgrade to version 5.4.3


Fortinet is pleased to thank

  • Ronan Dunne of Biocompatibles UK Ltd, and
  • Babar Khan Akhunzada of & Khyber Pakhtunkhwa Govt Data Center
for reporting this vulnerability under responsible disclosure.