CVE-2021-32597

Name of the Vulnerable Software and Affected Versions FortiManager versions 7.0.0, 6.4.5 and below, 6.2.7 and below FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below

Description The issue is related to improper neutralization of input during web page generation, which may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack by injecting malicious payload in GET parameters. This could potentially lead to security breaches.

Recommendations For FortiManager versions 7.0.0, 6.4.5 and below, 6.2.7 and below, consider disabling the user interface as a temporary workaround until a patch is available. For FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below, restrict access to the user interface to minimize the risk of exploitation. Avoid using malicious GET parameters in the affected user interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.