FortiWeb - Path traversal in API handler
Summary
A relative path traversal vulnerability [CWE-23] in FortiWeb may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests.
Affected Products
FortiWeb version 7.0.0 through 7.0.1
FortiWeb version 6.3.6 through 6.3.18
FortiWeb 6.4 all versions
Solutions
Upgrade FortiWeb to version 7.0.2 or above.
Upgrade FortiWeb to version 6.3.19 or above.
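
To triage an inventory against the ranges above, the following added example (not Fortinet code) classifies version strings and reports the same-branch fixed release. It assumes plain "major.minor.patch" strings; the function names and the sample inventory are constructed for illustration.

```python
import re

# Inclusive (low, high) ranges from "Affected Products".
AFFECTED_RANGES = [((7, 0, 0), (7, 0, 1)), ((6, 3, 6), (6, 3, 18))]
AFFECTED_BRANCHES = {(6, 4)}  # "FortiWeb 6.4 all versions"
# First fixed release per branch, from "Solutions".
FIXED_IN = {(7, 0): (7, 0, 2), (6, 3): (6, 3, 19)}


def parse_version(text):
    """Parse 'major.minor.patch' into a tuple of ints, rejecting anything else."""
    match = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_listed_affected(version):
    """True if the version falls in a range or branch the advisory lists."""
    v = parse_version(version)
    # Tuples compare numerically, so 6.3.9 < 6.3.18 (a string compare gets this wrong).
    return v[:2] in AFFECTED_BRANCHES or any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def fixed_release(version):
    """Same-branch fixed release, or None when the advisory names none (6.4)."""
    fix = FIXED_IN.get(parse_version(version)[:2])
    return ".".join(map(str, fix)) if fix else None


def triage(inventory):
    """Map each host to (status, same-branch fix) for a {host: version} dict."""
    report = {}
    for host, version in inventory.items():
        try:
            affected = is_listed_affected(version)
        except ValueError:
            report[host] = ("unparsed", None)  # needs a manual look
            continue
        report[host] = ("affected" if affected else "not listed",
                        fixed_release(version) if affected else None)
    return report


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are made up.
    sample = {"waf-a": "7.0.1", "waf-b": "6.3.9", "waf-c": "6.4.2",
              "waf-d": "6.3.19", "waf-e": "v7"}
    for host, result in triage(sample).items():
        print(host, *result)
```

A result of "not listed" means only that the version is outside the ranges given in this advisory; a 6.4 device returns no same-branch fix because the Solutions section names none for that branch.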