CVE-2024-33501

Name of the Vulnerable Software and Affected Versions: FortiAnalyzer versions 7.4.0 through 7.4.2 FortiAnalyzer versions prior to 7.2.5 FortiManager versions 7.4.0 through 7.4.2 FortiManager versions prior to 7.2.5 FortiAnalyzer-BigData versions 7.4.0 FortiAnalyzer-BigData versions prior to 7.2.7

Description: The issue is related to improper neutralization of special elements used in an SQL Command, which can lead to SQL Injection. This allows a privileged attacker to execute unauthorized code or commands via specifically crafted CLI requests.

Recommendations: For FortiAnalyzer versions 7.4.0 through 7.4.2, update to a version after 7.4.2 or apply the necessary patch. For FortiAnalyzer versions prior to 7.2.5, update to version 7.2.5 or later. For FortiManager versions 7.4.0 through 7.4.2, update to a version after 7.4.2 or apply the necessary patch. For FortiManager versions prior to 7.2.5, update to version 7.2.5 or later. For FortiAnalyzer-BigData versions 7.4.0, update to a version after 7.4.0 or apply the necessary patch. For FortiAnalyzer-BigData versions prior to 7.2.7, update to version 7.2.7 or later.