OS command injection in Report Server

OS command injection in Report Server Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-23-135 Final 1 1 2023-11-14T00:00:00 Current version 2023-11-14T00:00:00 2023-11-13T00:00:00 An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.This vulnerability was internally discovered as a variant of FG-IR-23-130. None Execute unauthorized code or commands FortiSIEM 7.1 all versions are not affectedFortiSIEM 7.0 all versions are not affectedFortiSIEM 6.7 all versions are not affectedFortiSIEM 6.6 all versions are not affectedFortiSIEM 6.5 all versions are not affectedFortiSIEM 6.4 all versions are not affectedFortiSIEM 6.3 all versions are not affectedFortiSIEM 6.2 all versions are not affectedFortiSIEM 6.1 all versions are not affectedFortiSIEM 5.4 all versionsFortiSIEM 5.3 all versionsFortiSIEM 5.2 all versionsFortiSIEM 5.1 all versionsFortiSIEM 5.0 all versionsFortiSIEM 4.10 all versionsFortiSIEM 4.9 all versionsFortiSIEM 4.7 all versions Please upgrade to FortiSIEM version 7.1.0 or abovePlease upgrade to FortiSIEM version 7.0.1 or abovePlease upgrade to FortiSIEM version 6.7.6 or abovePlease upgrade to FortiSIEM version 6.6.4 or abovePlease upgrade to FortiSIEM version 6.5.2 or abovePlease upgrade to FortiSIEM version 6.4.3 or above Internally discovered and reported by Adham El karn of Fortinet Product Security team. FortiSIEM 5.4.0 FortiSIEM 5.3.3 FortiSIEM 5.3.2 FortiSIEM 5.3.1 FortiSIEM 5.3.0 FortiSIEM 5.2.8 FortiSIEM 5.2.7 FortiSIEM 5.2.6 FortiSIEM 5.2.5 FortiSIEM 5.2.2 FortiSIEM 5.2.1 FortiSIEM 5.1.3 FortiSIEM 5.1.2 FortiSIEM 5.1.1 FortiSIEM 5.1.0 FortiSIEM 5.0.1 FortiSIEM 5.0.0 FortiSIEM 4.10.0 FortiSIEM 4.9.0 FortiSIEM 4.7.2 OS command injection in Report Server CVE-2023-36553 FortiSIEM-5.4.0 FortiSIEM-5.3.3 FortiSIEM-5.3.2 FortiSIEM-5.3.1 FortiSIEM-5.3.0 FortiSIEM-5.2.8 FortiSIEM-5.2.7 FortiSIEM-5.2.6 FortiSIEM-5.2.5 FortiSIEM-5.2.2 FortiSIEM-5.2.1 FortiSIEM-5.1.3 FortiSIEM-5.1.2 FortiSIEM-5.1.1 FortiSIEM-5.1.0 FortiSIEM-5.0.1 FortiSIEM-5.0.0 FortiSIEM-4.10.0 FortiSIEM-4.9.0 FortiSIEM-4.7.2 9.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-23-135 OS command injection in Report Server Reference>