The FortiAnalyzer and FortiManager WebUI accept a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Affected ProductsFortiAnalyzer versions 5.4.0 to 5.4.2,
FortiManager versions 5.4.0 to 5.4.2.
Preceding versions of FortiAnalyzer and FortiManager are not impacted
SolutionsFor FortiAnalyzer: Upgrade to version 5.4.3 or 5.6.0 For FortiManager: Upgrade to version 5.4.3 or 5.6.0
Fortinet is pleased to thank
- Ronan Dunne of Biocompatibles UK Ltd, and
- Babar Khan Akhunzada of SecurityWall.co & Khyber Pakhtunkhwa Govt Data Center