Information disclosure through diagnose debug commands in FortiWeb

Summary

An information exposure vulnerability in FortiWeb CLI may allow an authenticated user to view sensitive information being logged via diagnose debug commands.

Affected Products

FortiWeb 6.2.0 and below.

Solutions

Please upgrade to FortiWeb 6.3.0, 6.2.1 or above.

Acknowledgement

Fortinet is pleased to thank Danilo Costa from PBI for reporting this vulnerability under responsible disclosure.