| IR Number | FG-IR-21-160 |
| Date | Dec 7, 2021 |
| Severity |
High |
| CVSSv3 Score | 8.3 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2021-41017 |
| Affected Products |
FortiWeb
:
6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiWeb - Heap-based buffer overflows in API controller
Summary
Multiple heap-based buffer overflow vulnerabilities [CWE-122] in web API controllers of FortiWeb may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests.
Affected Products
FortiWeb 6.4.1 and below.
FortiWeb 6.3.15 and below.
Solutions
Upgrade to FortiWeb version 6.4.2 or above.
Upgrade to FortiWeb version 6.3.16 or above.