PSIRT Advisories
FortiAnalyzer - Improper input validation in custom dataset
Summary
An improper input validation vulnerability [CWE-20] in FortiAnalyzer may allow an authenticated attacker to disclose file system information via custom dataset SQL queries.
Affected Products
FortiAnalyzer version 7.2.1 and below,
FortiAnalyzer version 7.0.6 and below,
FortiAnalyzer 6.4 all versions.
Solutions
Please upgrade to FortiAnalyzer version 7.2.2 or above
Please upgrade to FortiAnalyzer version 7.0.7 or above