CVE-2015-0279: Expression Language Injection in FortiSIEM
An expression language injection vulnerability in FortiSIEM JBoss RichFaces library may allow a remote attacker to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
Unauthorized code execution
FortiSIEM version 5.2.8 and below.
Please upgrade to FortiSIEM version 5.3.0 or above.
Fortinet is pleased to thank Code White GmbH for reporting this vulnerability under responsible disclosure.