Information disclosure through diagnose debug commands in FortiWeb


An information exposure vulnerability in FortiWeb CLI may allow an authenticated user to view sensitive information being logged via diagnose debug commands.

Affected Products

FortiWeb 6.2.0 and below.


Please upgrade to FortiWeb 6.3.0, 6.2.1 or above.


Fortinet is pleased to thank Danilo Costa from PBI for reporting this vulnerability under responsible disclosure.