Path traversal vulnerabilities Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-014 Final 1 1 2021-07-07T00:00:00 Current version 2021-07-07T00:00:00 2021-07-07T00:00:00 Multiple Path traversal vulnerabilities in FortiMail, FortiNDR & FortiWeb may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests. Improper access control FortiMail 6.4.3 and below.FortiMail 6.2.6 and below.FortiMail 6.0.10 and below.FortiMail 5.4.12 and below.At leastFortiWeb version 5.9.0 through 5.9.2FortiWeb version 6.0.0 through 6.0.8FortiWeb version 6.1.0 through 6.1.3FortiWeb version 6.2.0 through 6.2.7FortiWeb version 6.3.0 through 6.3.17FortiWeb version 6.4.0 through 6.4.2FortiWeb version 7.0.0FortiNDR version 1.1.0FortiNDR version 1.2.0FortiNDR version 1.3.0 through 1.3.1FortiNDR version 1.4.0FortiNDR version 1.5.0 through 1.5.3 Upgrade to FortiMail version 7.0.0 or above,Upgrade to FortiMail version 6.4.4 or above,Upgrade to FortiMail version 6.2.7 or above.Upgrade to FortiMail version 6.0.11 or above.Upgrade to FortiNDR version 7.0.0 or above.Please upgrade to FortiWeb version 7.0.1 or above,Please upgrade to FortiWeb version 6.4.3 or above,Please upgrade to FortiWeb version 6.3.18 or above. This issue was discovered by Giuseppe Cocomazzi of the Fortinet PSIRT Team during an internal security assessment. CVE-2021-24013 6.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-014 Path traversal vulnerabilities Reference>