Path traversal in API handler Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-136 Final 1 1 2023-02-16T00:00:00 Current version 2023-02-16T00:00:00 2023-02-16T00:00:00 A relative path traversal vulnerability [CWE-23] in FortiWeb may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests. None Improper access control FortiWeb 7.2 all versions are not affectedFortiWeb version 7.0.0 through 7.0.1FortiWeb version 6.4.0 through 6.4.2FortiWeb version 6.3.6 through 6.3.18FortiWeb 6.2 all versions are not affectedFortiWeb 6.1 all versions are not affected Upgrade FortiWeb to version 7.0.2 and above.Upgrade FortiWeb to version 6.3.19 and above. Internally discovered and reported by Théo Leleu of Fortinet Product Security team. FortiWeb 7.0.1 FortiWeb 7.0.0 FortiWeb 6.4.2 FortiWeb 6.4.1 FortiWeb 6.4.0 FortiWeb 6.3.18 FortiWeb 6.3.17 FortiWeb 6.3.16 FortiWeb 6.3.15 FortiWeb 6.3.14 FortiWeb 6.3.13 FortiWeb 6.3.12 FortiWeb 6.3.11 FortiWeb 6.3.10 FortiWeb 6.3.9 FortiWeb 6.3.8 FortiWeb 6.3.7 FortiWeb 6.3.6 CVE-2022-30300 FortiWeb-7.0.1 FortiWeb-7.0.0 FortiWeb-6.4.2 FortiWeb-6.4.1 FortiWeb-6.4.0 FortiWeb-6.3.18 FortiWeb-6.3.17 FortiWeb-6.3.16 FortiWeb-6.3.15 FortiWeb-6.3.14 FortiWeb-6.3.13 FortiWeb-6.3.12 FortiWeb-6.3.11 FortiWeb-6.3.10 FortiWeb-6.3.9 FortiWeb-6.3.8 FortiWeb-6.3.7 FortiWeb-6.3.6 6.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-22-136 Path traversal in API handler Reference>