Description

An Improper Output Neutralization for Logs vulnerability [CWE-117] in FortiAnalyzer version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.13 and below and FortiManager version 7.6.1 and below, version 7.4.5 and below, version 7.2.8 and below, version 7.0.12 and below may allow an unauthenticated remote attacker to pollute the logs via crafted login requests.

Related CPE's

a

fortinet

fortimanager

4

a

fortinet

fortianalyzer

4

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-453

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-117

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.3 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-04-08T14:15:32.097

8 months ago

Last modified

2025-07-23T16:02:05.227

4 months ago