FortiManager & FortiAnalyzer - Improper validation of dispatcher socket parameters
Summary
A server-side request forgery (SSRF) (CWE-918) vulnerability in the FortiManager and FortiAnalyzer GUI may allow a remote, authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests.
Affected Products
FortiManager versions 7.0.0
FortiManager versions 6.4.5 and below
FortiManager versions 6.2.7 and below
FortiManager versions 6.0.x
FortiManager versions 5.6.x
FortiAnalyzer versions 7.0.0
FortiAnalyzer versions 6.4.5 and below
FortiAnalyzer versions 6.2.7 and below
FortiAnalyzer versions 6.0.x
FortiAnalyzer versions 5.6.x
Solutions
Please upgrade to FortiManager 7.0.1 or above.
Please upgrade to FortiManager 6.4.6 or above.
Please upgrade to FortiManager 6.2.8 or above.
Please upgrade to FortiAnalyzer 7.0.1 or above.
Please upgrade to FortiAnalyzer 6.4.6 or above.
Please upgrade to FortiAnalyzer 6.2.8 or above.