Fortinet and Zoho Urge Customers to Patch Vulnerabilities in Enterprise Software

Multiple versions of the FortiADC application delivery controller are susceptible to a critical flaw that could lead to the execution of arbitrary code, according to Fortinet.

“An improper neutralization of special elements used in an OS command vulnerability in FortiADC could allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specially crafted HTTP requests,” according to the company’s advisory.

The vulnerability, tracked as CVE-2022-39947 (CVSS score: 8.6) and discovered internally by Fortinet's product security team, affects the versions listed below:

  • FortiADC version 7.0.0 through 7.0.2
  • FortiADC version 6.2.0 through 6.2.3
  • FortiADC version 6.1.0 through 6.1.6
  • FortiADC version 6.0.0 through 6.0.4
  • FortiADC version 5.4.0 through 5.4.5

Users are encouraged to upgrade to versions 6.2.4 and 7.0.2 of FortiADC as soon as they become available.

Additionally, the January 2023 patches address several command injection vulnerabilities in FortiTester (CVE-2022-35845, CVSS score: 7.6) that could allow an authenticated attacker to execute arbitrary commands in the underlying shell.

Zoho Releases Fixes For An SQLi Flaw

Following the discovery of a severe SQL injection (SQLi) flaw, enterprise software provider Zoho urges customers to upgrade to the latest versions of Access Manager Plus, PAM360, and Password Manager Pro.

The vulnerability, identified as CVE-2022-47523, affects Access Manager Plus versions before 4308, PAM360 versions before 5800, and Password Manager Pro versions before 12200.

“This vulnerability could allow an adversary to execute custom queries and access database table entries using the vulnerable request,” the India-based company explained, adding that the flaw was fixed by adding proper validation and escaping special characters.

Although exact details regarding the flaw have not been disclosed, Zoho’s release notes reveal that the flaw was discovered in the company’s internal framework and could allow all users to “access the backend database.”
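For asset triage, the affected ranges quoted above can be checked against an inventory export. The following is an added example, not code from Fortinet, Zoho, or the original article; the function names, status labels, and inventory rows are assumptions made for illustration, and only the version ranges and build numbers come from the text above.

```python
# Added example: flag inventory rows that fall in the affected ranges
# quoted in the article. Function names and sample rows are illustrative.

# FortiADC: inclusive (low, high) ranges listed for CVE-2022-39947.
FORTIADC_AFFECTED = [
    ((7, 0, 0), (7, 0, 2)),
    ((6, 2, 0), (6, 2, 3)),
    ((6, 1, 0), (6, 1, 6)),
    ((6, 0, 0), (6, 0, 4)),
    ((5, 4, 0), (5, 4, 5)),
]

# Zoho: builds strictly below these numbers are affected by CVE-2022-47523.
ZOHO_FIXED_BUILD = {
    "Access Manager Plus": 4308,
    "PAM360": 5800,
    "Password Manager Pro": 12200,
}

def parse_dotted(version):
    """Turn '6.2.3' into (6, 2, 3); raise ValueError on anything else."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(int(p) for p in parts)

def assess(product, version):
    """Return 'affected', 'not listed', or 'unknown' for one inventory row."""
    try:
        if product == "FortiADC":
            v = parse_dotted(version)
            hit = any(lo <= v <= hi for lo, hi in FORTIADC_AFFECTED)
        elif product in ZOHO_FIXED_BUILD:
            hit = int(version) < ZOHO_FIXED_BUILD[product]
        else:
            return "unknown"  # product not covered by the article's ranges
    except ValueError:
        return "unknown"  # unparseable version string: review by hand
    return "affected" if hit else "not listed"

def triage(inventory):
    """Map each host to its status."""
    return {host: assess(prod, ver) for host, prod, ver in inventory}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("adc-01", "FortiADC", "6.2.3"),
    ("adc-02", "FortiADC", "6.2.4"),
    ("pam-01", "PAM360", "5799"),
    ("pmp-01", "Password Manager Pro", "12200"),
    ("adc-03", "FortiADC", "6.2"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A result of "not listed" only means the version is outside the ranges quoted in the article; "unknown" rows need manual review against the vendor advisory.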

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.