FortiWeb - Path traversal in API controller
Summary
Multiple relative path traversal vulnerabilities [CWE-23] in the API of FortiWeb may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
Affected Products
FortiWeb versions 6.4.1 and below.
FortiWeb versions 6.3.15 and below.
FortiWeb versions 6.2.6 and below.
FortiWeb versions 6.1.2 and below.
Solutions
Upgrade to FortiWeb 7.0.0 or above.
Upgrade to FortiWeb 6.4.2 or above.
Upgrade to FortiWeb 6.3.16 or above.