FortiAnalyzer & FortiManager - improper authorization to template image
Summary
An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI may allow an unauthenticated
and remote attacker to access report template images via referencing the name in the URL path.
Affected Products
FortiManager version 7.0.0 through 7.0.3 FortiManager 6.4 all versions FortiManager 6.2 all versions FortiManager 6.0 all versions FortiManager 5.6 all versions
FortiAnalyzer version 7.0.0 through 7.0.3 FortiAnalyzer 6.4 all versions FortiAnalyzer 6.2 all versions FortiAnalyzer 6.0 all versions FortiAnalyzer 5.6 all versions
Solutions
Please upgrade to FortiAnalyzer version 7.0.4 or above Please upgrade to FortiAnalyzer version 7.2.0 or above Please upgrade to FortiManager version 7.0.4 or above. Please upgrade to FortiManager version 7.2.0 or above.