vulnerability
Fortinet FortiAnalyzer: URL Redirection to Untrusted Site ('Open Redirect') (CVE-2018-1355)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Jun 27, 2018 | Jul 22, 2021 | Apr 7, 2026 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Jun 27, 2018
Added
Jul 22, 2021
Modified
Apr 7, 2026
Description
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.
Solution
fortinet-fortianalyzer-upgrade-latest
References
- CVE-2018-1355
- https://attackerkb.com/topics/CVE-2018-1355
- CWE-601
- EUVD-EUVD-2018-11934
- http://www.securityfocus.com/bid/104546
- http://www.securitytracker.com/id/1041184
- http://www.securitytracker.com/id/1041185
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2018-11934
- https://fortiguard.com/advisory/FG-IR-18-022
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.