FortiWeb - Path traversal in API controller
Summary
A relative path traversal vulnerability [CWE-23] in the API of FortiWeb may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
Version | Affected | Solution |
---|---|---|
FortiWeb 7.0 | 7.0.0 through 7.0.2 | Upgrade to 7.0.3 or above |
FortiWeb 6.4 | 6.4 all versions | Migrate to a fixed release |
FortiWeb 6.3 | 6.3.6 through 6.3.20 | Upgrade to 6.3.21 or above |