Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities
Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code.
The vulnerability, tracked as CVE-2022-39947 and internally discovered by its product security team, impacts the following versions -.
Users are recommended to upgrade to FortiADC versions 6.2.4 and 7.0.2 as and when they become available.
The January 2023 patches also address a number of command injection vulnerabilities in FortiTester that could permit an authenticated attacker to execute arbitrary commands in the underlying shell.
Enterprise software provider Zoho is also urging customers to upgrade to the latest versions of Access Manager Plus, PAM360, and Password Manager Pro following the discovery of a severe SQL injection vulnerability.
Assigned the identifier CVE-2022-47523, the issue affects Access Manager Plus versions 4308 and below; PAM360 versions 5800 and below; and Password Manager Pro versions 12200 and below.
News URL
https://thehackernews.com/2023/01/fortinet-and-zoho-urge-customers-to.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-05 | CVE-2022-47523 | SQL Injection vulnerability in Zohocorp ManageEngine Password Manager Pro: Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection. | 9.8 |
2023-01-03 | CVE-2022-39947 | OS Command Injection vulnerability in Fortinet FortiADC: An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4.5 may allow an attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 8.8 |