FortiAnalyzer & FortiManager - Server side request forgery on fortiview top threats report generation feature.

A server-side request forgery vulnerability [CWE-918] in FortiAnalyzer and FortiManager may allow a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.

attacker cwe data feature forgery fortianalyzer fortimanager http internal local low may port port scan privileges report request scan sensitive sensitive data server servers server side server-side request forgery threats top threats vulnerability