CVE-2022-42477
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
11/04/2023
Last modified:
07/11/2023
Description
An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* | 6.4.0 (including) | 7.0.7 (excluding) |
cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page