| IR Number | FG-IR-22-136 |
| Date | Feb 16, 2023 |
| Severity |
Medium |
| CVSSv3 Score | 6.2 |
| Impact | Improper access control |
| CVE ID | CVE-2022-30300 |
| Affected Products |
FortiWeb
:
7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.18, 6.3.17, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiWeb - Path traversal in API handler
Summary
A relative path traversal vulnerability [CWE-23] in FortiWeb may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests.
Affected Products
FortiWeb version 7.0.0 through 7.0.1FortiWeb version 6.3.6 through 6.3.18
FortiWeb 6.4 all versions
Solutions
Upgrade FortiWeb to version 7.0.2 and above.
Upgrade FortiWeb to version 6.3.19 and above.