Rewterz Threat Alert – Dridex Banking Trojan – IoCs
September 22, 2020Rewterz Threat Advisory – CVE-2020-3977 – VMware Horizon DaaS broken authentication vulnerability
September 22, 2020Rewterz Threat Alert – Dridex Banking Trojan – IoCs
September 22, 2020Rewterz Threat Advisory – CVE-2020-3977 – VMware Horizon DaaS broken authentication vulnerability
September 22, 2020Severity
Medium
Analysis Summary
FortiManager and FortiAnalyzer are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the Identify Provider name field to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to execute unauthorized code or commands on the system.
Impact
Cross-site scripting
Affected Vendors
FortiGuard
Affected Products
- Fortinet FortiManager 6.2.0
- Fortinet FortiManager 6.2.1
- Fortinet FortiAnalyzer 6.2.3
- Fortinet FortiManager 6.2.3
Remediation
Refer to FortiGuard Advisory FG-IR-20-005 for patch, upgrade or suggested workaround information.