FortiSIEM - OS command injection in Report Server
Summary
An improper neutralization of special elements used in an OS command ("OS command injection") vulnerability [CWE-78] in the FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.
This vulnerability was internally discovered as a variant of FG-IR-23-130.
Affected Products
FortiSIEM 5.4 all versions
FortiSIEM 5.3 all versions
FortiSIEM 5.2 all versions
FortiSIEM 5.1 all versions
FortiSIEM 5.0 all versions
FortiSIEM 4.10 all versions
FortiSIEM 4.9 all versions
FortiSIEM 4.7 all versions
Solutions
Please upgrade to FortiSIEM version 7.1.0 or above
Please upgrade to FortiSIEM version 7.0.1 or above
Please upgrade to FortiSIEM version 6.7.6 or above
Please upgrade to FortiSIEM version 6.6.4 or above
Please upgrade to FortiSIEM version 6.5.2 or above
Please upgrade to FortiSIEM version 6.4.3 or above