An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries.
References
History

Wed, 23 Oct 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2023-04-11T16:06:17.894Z

Updated: 2024-10-23T14:29:14.227Z

Reserved: 2022-10-07T14:05:36.302Z

Link: CVE-2022-42477

cve-icon Vulnrichment

Updated: 2024-08-03T13:10:40.842Z

cve-icon NVD

Status : Modified

Published: 2023-04-11T17:15:07.587

Modified: 2024-11-21T07:25:03.030

Link: CVE-2022-42477

cve-icon Redhat

No data.