File System Information Disclosure Vulnerability in FortiAnalyzer

File System Information Disclosure Vulnerability in FortiAnalyzer

CVE-2022-42477 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.