Home Security Fortinet and Zoho Urge Clients to Patch Enterprise Software program Vulnerabilities

Fortinet and Zoho Urge Clients to Patch Enterprise Software program Vulnerabilities

by crpt os


Jan 05, 2023Ravie LakshmananApplication Security / SQLi

Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code.

“An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests,” the company said in an advisory.

The vulnerability, tracked as CVE-2022-39947 (CVSS score: 8.6) and internally discovered by its product security team, impacts the following versions –

  • FortiADC version 7.0.0 through 7.0.2
  • FortiADC version 6.2.0 through 6.2.3
  • FortiADC version 6.1.0 through 6.1.6
  • FortiADC version 6.0.0 through 6.0.4
  • FortiADC version 5.4.0 through 5.4.5

Users are recommended to upgrade to FortiADC versions 6.2.4 and 7.0.2 as and when they become available.

The January 2023 patches also address a number of command injection vulnerabilities in FortiTester (CVE-2022-35845, CVSS score: 7.6) that could permit an authenticated attacker to execute arbitrary commands in the underlying shell.

Zoho Ships Fixes For An SQLi Flaw

Enterprise software provider Zoho is also urging customers to upgrade to the latest versions of Access Manager Plus, PAM360, and Password Manager Pro following the discovery of a severe SQL injection (SQLi) vulnerability.

Assigned the identifier CVE-2022-47523, the issue affects Access Manager Plus versions 4308 and below; PAM360 versions 5800 and below; and Password Manager Pro versions 12200 and below.

“This vulnerability can allow an adversary to execute custom queries, and access the database table entries using the vulnerable request,” the India-based company said, adding it fixed the bug by adding proper validation and escaping special characters.

Although exact specifics about the shortcoming have not been disclosed, Zoho’s release notes reveal that the flaw was identified in its internal framework and that it could enable all users to “access the backend database.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex