Technology NewsFortinet and Zoho Urge Customers to Patch Enterprise Software...

Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities

-


Jan 05, 2023Ravie LakshmananApplication Security / SQLi

Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities

Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code.

“An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests,” the company said in an advisory.

The vulnerability, tracked as CVE-2022-39947 (CVSS score: 8.6) and internally discovered by its product security team, impacts the following versions –

  • FortiADC version 7.0.0 through 7.0.2
  • FortiADC version 6.2.0 through 6.2.3
  • FortiADC version 6.1.0 through 6.1.6
  • FortiADC version 6.0.0 through 6.0.4
  • FortiADC version 5.4.0 through 5.4.5

Users are recommended to upgrade to FortiADC versions 6.2.4 and 7.0.2 as and when they become available.

The January 2023 patches also address a number of command injection vulnerabilities in FortiTester (CVE-2022-35845, CVSS score: 7.6) that could permit an authenticated attacker to execute arbitrary commands in the underlying shell.

Zoho Ships Fixes For An SQLi Flaw

Enterprise software provider Zoho is also urging customers to upgrade to the latest versions of Access Manager Plus, PAM360, and Password Manager Pro following the discovery of a severe SQL injection (SQLi) vulnerability.

Assigned the identifier CVE-2022-47523, the issue affects Access Manager Plus versions 4308 and below; PAM360 versions 5800 and below; and Password Manager Pro versions 12200 and below.

“This vulnerability can allow an adversary to execute custom queries, and access the database table entries using the vulnerable request,” the India-based company said, adding it fixed the bug by adding proper validation and escaping special characters.

Although exact specifics about the shortcoming have not been disclosed, Zoho’s release notes reveal that the flaw was identified in its internal framework and that it could enable all users to “access the backend database.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.



LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

What configurations does the Apple MacBook Pro (2023) come in?

The MacBook Pro (2023) offers several distinct configurations, including different screen sizes, processors, SSDs, and more. ...

How to know that you have to buy a new mobile phone

Despite the fact that smartphones can perfectly last several years being functional today, there are a series of...

எந்த வயதில் மக்கள் குறைவாக தூங்குகிறார்கள்?

ஆய்வில் பங்கேற்றவர்களில் இளையவர் (வயது 19) அதிகம் தூங்குவதாகவும் ஆய்வில் கண்டறியப்பட்டுள்ளது.இருந்து ஆராய்ச்சியாளர்கள் நடத்திய புதிய ஆய்வு லண்டன் பல்கலைக்கழக கல்லூரிதி கிழக்கு ஆங்கிலியா...

MSI laptops with NVIDIA GeForce RTX 4000 graphics – report from the premiere event in Warsaw

At this year's CES in Las Vegas, NVIDIA presented the new generation of GeForce RTX 4000 mobile graphics...

How to know that you have to buy a new mobile phone

Despite the fact that smartphones can perfectly last several years being functional today, there are a series of...

MSI laptops with NVIDIA GeForce RTX 4000 graphics – report from the premiere event in Warsaw

At this year's CES in Las Vegas, NVIDIA presented the new generation of GeForce RTX 4000 mobile graphics...

Must read

This curious Xiaomi device has a discount and has completely revolutionized my kitchen

Forget oil forever, the Xiaomi air fryer drops...

How to know that you have to buy a new mobile phone

Despite the fact that smartphones can perfectly last...