CVE-2024-33501
published 2025-03-11CVE-2024-33501: Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiAnalyzer version 7.4.0 through…
medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via specifically crafted CLI requests.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortianalyzer | — | — |
| fortinet | fortianalyzer | >= 6.4.0 < 7.2.6 | 7.2.6 |
| fortinet | fortianalyzer | >= 7.4.0 < 7.4.3 | 7.4.3 |
| fortinet | fortianalyzer_big_data | — | — |
| fortinet | fortianalyzer_big_data | >= 6.4.5 < 7.2.8 | 7.2.8 |
| fortinet | fortianalyzerbigdata | — | — |
| fortinet | fortimanager | — | — |
| fortinet | fortimanager | 6.0.10 – 6.0.12 | — |
| fortinet | fortimanager | >= 6.2.8 < 7.2.6 | 7.2.6 |
| fortinet | fortimanager | 6.2.8 – 6.2.13 | — |
| fortinet | fortimanager | 6.4.4 – 6.4.15 | — |
| fortinet | fortimanager | 7.0.0 – 7.0.13 | — |
| fortinet | fortimanager | 7.2.0 – 7.2.5 | — |
| fortinet | fortimanager | >= 7.4.0 < 7.4.3 | 7.4.3 |
| fortinet | fortimanager | 7.4.0 – 7.4.2 | — |
| fortinet | fortinet | — | — |