One of the high-severity issues affects FortiTester and it allows an authenticated attacker to execute commands via specially crafted arguments to existing commands. FortiSIEM is affected by a vulnerability that allows a local attacker with command-line access to perform operations on the Glassfish server directly via a hardcoded password.

The remaining high-severity flaws are stored and reflected cross-site scripting (XSS) bugs. They impact FortiADC, FortiDeceptor, FortiManager and FortiAnalyzer. Some of them can be exploited remotely without authentication.

Medium- and low-severity vulnerabilities have been patched in FortiOS, FortiTester, FortiSOAR, FortiMail, FortiEDR CollectorWindows, FortiClient for Mac, and FortiADC.