Open redirect in redir handler due to direct input interpolation Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-168 Final 1 1 2021-12-07T00:00:00 Current version 2021-12-07T00:00:00 2021-12-07T00:00:00 An URL redirection to untrusted site ('Open Redirect') [CWE-601] vulnerability in FortiWeb may allow an authenticated attacker to use the device as a proxy and reach external or protected hosts via redirection handlers. Improper access control FortiWeb version 6.2.0 through 6.2.7FortiWeb version 6.3.0 through 6.3.15FortiWeb version 6.4.0 through 6.4.1 Upgrade to FortiWeb version 7.0.0 or aboveUpgrade to FortiWeb version 6.4.2 or aboveUpgrade to FortiWeb version 6.3.16 or above Internally discovered and reported by Mattia Fecit of Fortinet Product Security Team CVE-2021-43064 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-168 Open redirect in redir handler due to direct input interpolation Reference>