An improper neutralization of formula elements vulnerability (CWE 1236) in FortiAnalyzer may allow a local authenticated privileged attacker to execute arbitrary code on the end-user's host via inserting spreadsheet formulas in the macro names. This is achieved once the user downloads and opens the CSV report files.
|FortiAnalyzer 7.2||7.2.0 through 7.2.1||Upgrade to 7.2.2 or above|
|FortiAnalyzer 7.0||7.0.0 through 7.0.6||Upgrade to 7.0.7 or above|
|FortiAnalyzer 6.4||6.4 all versions||Migrate to a fixed release|