all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

FortiSIEM - OS command injection in Report Server

Add to bookmarks
Nov. 14, 2023, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiSIEM report server may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.
This vulnerability was internally discovered as a variant of FG-IR-23-130.

api attacker command command injection cwe fortisiem injection may report requests server special unauthenticated vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiAuthenticator - Open Redirect on /portal/disclaimer 6 days, 12 hours ago | fortiguard.fortinet.com
attacker cwe disclaimer may +8
Exposure of password hashes to read-only admin 6 days, 12 hours ago | fortiguard.fortinet.com
admin control cwe data +11
Double free with double usage of json_object_put 6 days, 12 hours ago | fortiguard.fortinet.com
attacker code commands cwe +9
Format String Bug in cli command 6 days, 12 hours ago | fortiguard.fortinet.com
amp arbitrary code arbitrary code execution attacker +19
Client IP relies on X-Forwarded-For and other headers 6 days, 12 hours ago | fortiguard.fortinet.com
attack bypass client cwe +10
Buffer overflow in administrative interface 6 days, 12 hours ago | fortiguard.fortinet.com
arbitrary code attacker buffer buffer overflow +13
Code injection in playbook code snippet step 6 days, 12 hours ago | fortiguard.fortinet.com
arbitrary code attacker code code injection +7
Client-side enforcement of server-side security related to customer reports features 6 days, 12 hours ago | fortiguard.fortinet.com
access account attacker client +16
HTTP/2 CONTINUATION Frames Vulnerability 6 days, 12 hours ago | fortiguard.fortinet.com
attack can connection crash +14

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Senior Application Security Engineer

@ Austin Community College | HMO99: Field Office - MO Remote Location, Remote City, MO, 65043 USA
View on infosec-jobs.com

Sr. Information Assurance Security Analyst

@ SMS Data Products Group, Inc. | San Antonio, TX, United States
View on infosec-jobs.com

Product Cybersecurity Test Infrastructure Engineer (Remote)

@ SNC-Lavalin | HCT99: Field Office - CT Remote Location, Remote City, CT, 06101 USA
View on infosec-jobs.com