Vulnerability Description
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | Fortianalyzer | >= 7.4.0, < 7.4.4 |
| Fortinet | Fortianalyzer Cloud | >= 7.4.1, < 7.4.3 |
| Fortinet | Fortimanager | >= 7.4.0, < 7.4.3 |
| Fortinet | Fortimanager Cloud | >= 7.4.1, < 7.4.3 |
Related Weaknesses (CWE)
References
- https://fortiguard.fortinet.com/psirt/FG-IR-24-091Vendor Advisory
FAQ
What is CVE-2024-35275?
CVE-2024-35275 is a vulnerability with a CVSS score of 6.6 (MEDIUM). A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker t...
How severe is CVE-2024-35275?
CVE-2024-35275 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-35275?
Check the references section above for vendor advisories and patch information. Affected products include: Fortinet Fortianalyzer, Fortinet Fortianalyzer Cloud, Fortinet Fortimanager, Fortinet Fortimanager Cloud.