Path traversal vulnerability
Summary
Multiple relative path traversal vulnerabilities [CWE-23] in the FortiWLM management interface may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
Affected Products
FortiWLM versions 8.6.2 and below.
FortiWLM versions 8.5.2 and below.
FortiWLM versions 8.4.2 and below.
FortiWLM versions 8.3.3 and below.
Solutions
Upgrade to FortiWLM 8.6.3 or above.
Timeline
2022-03-01: Initial publication