| IR Number | FG-IR-23-068 |
| Date | Sep 13, 2023 |
| Component | GUI |
| Severity |
High |
| CVSSv3 Score | 7.1 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2023-34984 |
| Affected Products |
FortiWeb
:
7.2.1, 7.2.0, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.3.23, 6.3.22, 6.3.21, 6.3.20, 6.3.19, 6.3.18, 6.3.17, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiWeb - Insufficient protections against XSS and CSRF
Summary
A protection mechanism failure [CWE-693] vulnerability in FortiWeb may allow an attacker to bypass XSS and CSRF protections.
Affected Products
FortiWeb version 7.2.0 through 7.2.1
FortiWeb version 7.0.0 through 7.0.6
FortiWeb 6.4 all versions
FortiWeb 6.3 all versions
Solutions
Please upgrade to FortiWeb version 7.2.2 or abovePlease upgrade to FortiWeb version 7.0.7 or above