Vulnerability Details CVE-2024-35275
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.0%
CVSS Severity
CVSS v3 Score 6.6
Products affected by CVE-2024-35275
-
cpe:2.3:a:fortinet:fortianalyzer:7.4.0
-
cpe:2.3:a:fortinet:fortianalyzer:7.4.1
-
cpe:2.3:a:fortinet:fortianalyzer:7.4.2
-
cpe:2.3:a:fortinet:fortianalyzer:7.4.3
-
cpe:2.3:a:fortinet:fortianalyzer_cloud:7.4.1
-
cpe:2.3:a:fortinet:fortianalyzer_cloud:7.4.2
-
cpe:2.3:a:fortinet:fortimanager:7.4.0
-
cpe:2.3:a:fortinet:fortimanager:7.4.1
-
cpe:2.3:a:fortinet:fortimanager:7.4.2
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.4.1
-
cpe:2.3:a:fortinet:fortimanager_cloud:7.4.2