Path traversal vulnerability

Summary

Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.

Affected Products

FortiWLM versions 8.6.2 and below.
FortiWLM versions 8.5.2 and below.
FortiWLM versions 8.4.2 and below.
FortiWLM versions 8.3.3 and below.

Solutions

Upgrade to FortiWLM 8.6.3 or above.

Timeline

2022-03-01: Initial publication