CVE-2022-38381
published 2022-11-02CVE-2022-38381: An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiadc | — | — |
| fortinet | fortiadc | 5.0.0 – 5.0.4 | — |
| fortinet | fortiadc | 5.1.0 – 5.1.7 | — |
| fortinet | fortiadc | 5.2.0 – 5.2.8 | — |
| fortinet | fortiadc | 5.3.0 – 5.3.7 | — |
| fortinet | fortiadc | 5.4.0 – 5.4.5 | — |
| fortinet | fortiadc | 6.0.0 – 6.0.4 | — |
| fortinet | fortiadc | 6.1.0 – 6.1.6 | — |
| fortinet | fortiadc | 6.2.0 – 6.2.3 | — |
| fortinet | fortiadc | 7.0.0 – 7.0.2 | — |
| fortinet | fortinet_fortiadc | — | — |