CVE-2015-0279: Expression Language Injection in FortiSIEM


An expression language injection vulnerability in FortiSIEM JBoss RichFaces library may allow a remote attacker to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

Affected Products

FortiSIEM version 5.2.8 and below.


Please upgrade to FortiSIEM version 5.3.0 or above.


Fortinet is pleased to thank Code White GmbH for reporting this vulnerability under responsible disclosure.