CVE-2020-12817

Summary

An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiAnalyzerFortiAnalyzer before 6.4.1; before 6.2.5affected

Weaknesses

  • Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References