| IR Number | FG-IR-22-251 |
| Date | Feb 16, 2023 |
| Severity |
Medium |
| CVSSv3 Score | 5.6 |
| Impact | Information disclosure |
| CVE ID | CVE-2023-23784 |
| Affected Products |
FortiWeb
:
7.0.2, 7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.20, 6.3.19, 6.3.18, 6.3.17, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiWeb - Path traversal in API controller
Summary
A relative path traversal vulnerability [CWE-23] in the API of FortiWeb may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.
Affected Products
FortiWeb version 7.0.0 through 7.0.2FortiWeb version 6.3.6 through 6.3.20
FortiWeb 6.4 all versions
Solutions
Please upgrade to FortiWeb version 7.0.3 or abovePlease upgrade to FortiWeb version 6.3.21 or above