CVE-2022-42477

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
11/04/2023
Last modified:
07/11/2023

Description

An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:* 6.4.0 (including) 7.0.7 (excluding)
cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools