CVE-2022-38374

Name of the Vulnerable Software and Affected Versions FortiADC versions 6.2.0 through 6.2.4 FortiADC versions 7.0.0 through 7.0.2

Description The issue is related to improper neutralization of input during web page generation, allowing an attacker to execute unauthorized code or commands. This can be achieved via the URL and User fields. The attacker can conduct cross-site scripting attacks by creating a specially crafted web page.

Recommendations For FortiADC versions 6.2.0 through 6.2.4, update to a version that includes the fix for this issue. For FortiADC versions 7.0.0 through 7.0.2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the URL and User fields in the traffic and event log views to minimize the risk of exploitation.