Improper authorization to template image Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-026 Final 1 1 2022-10-10T00:00:00 Current version 2022-10-10T00:00:00 2022-10-10T00:00:00 An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI may allow an unauthenticatedand remote attacker to access report template images via referencing the name in the URL path. None Improper access control FortiManager version 7.0.0 through 7.0.3FortiManager 6.4 all versionsFortiManager 6.2 all versionsFortiManager 6.0 all versionsFortiManager 5.6 all versionsFortiAnalyzer version 7.0.0 through 7.0.3FortiAnalyzer 6.4 all versionsFortiAnalyzer 6.2 all versionsFortiAnalyzer 6.0 all versionsFortiAnalyzer 5.6 all versions Please upgrade to FortiAnalyzer version 7.0.4 or abovePlease upgrade to FortiAnalyzer version 7.2.0 or abovePlease upgrade to FortiManager version 7.0.4 or above.Please upgrade to FortiManager version 7.2.0 or above. Fortinet is pleased to thank Alaa A. Bukhari for reporting this vulnerability under responsible disclosure CVE-2022-26121 3.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-22-026 Improper authorization to template image Reference>