CVE-2021-32603

Name of the Vulnerable Software and Affected Versions FortiManager and FortiAnalyser GUI versions 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below

Description A server-side request forgery (SSRF) vulnerability may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests. The vulnerability is related to insufficient checking of incoming requests, which can be exploited by a remote attacker to perform an SSRF attack by sending specially crafted requests.

Recommendations For FortiManager and FortiAnalyser GUI versions 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below: At the moment, there is no information about a newer version that contains a fix for this vulnerability.