FortiAnalyzer, FortiManager Open Redirect Vulnerability


The FortiAnalyzer and FortiManager WebUI accept a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Affected Products

FortiAnalyzer versions 5.4.0 to 5.4.2,
FortiManager versions 5.4.0 to 5.4.2.
Preceding versions of FortiAnalyzer and FortiManager are not impacted


For FortiAnalyzer: Upgrade to version 5.4.3 or 5.6.0 For FortiManager: Upgrade to version 5.4.3 or 5.6.0


Fortinet is pleased to thank

  • Ronan Dunne of Biocompatibles UK Ltd, and
  • Babar Khan Akhunzada of & Khyber Pakhtunkhwa Govt Data Center
for reporting this vulnerability under responsible disclosure.