PSIRT Advisories
FortiAnalyzer, FortiManager Open Redirect Vulnerability
Summary
The FortiAnalyzer and FortiManager WebUI accepts user-controlled input that specifies a link to an external site and uses that link in a redirect.
Affected Products
- FortiAnalyzer versions 5.4.0 to 5.4.2,
- FortiManager versions 5.4.0 to 5.4.2.
Preceding versions of FortiAnalyzer and FortiManager are not impacted.
Solutions
For FortiAnalyzer:
- Upgrade to version 5.4.3
For FortiManager:
- Upgrade to version 5.4.3
Acknowledgement
Fortinet is pleased to thank
- Ronan Dunne of Biocompatibles UK Ltd, and
- Babar Khan Akhunzada of SecurityWall.co & Khyber Pakhtunkhwa Govt Data Center