FortiWeb - Path traversal in API handler
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-22-136
Final
1
1
2023-02-16T00:00:00
Current version
2023-02-16T00:00:00
2023-02-16T00:00:00
A relative path traversal vulnerability [CWE-23] in FortiWeb may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests.
None
Improper access control
FortiWeb version 7.0.0 through 7.0.1
FortiWeb version 6.4.0 through 6.4.2
FortiWeb version 6.3.6 through 6.3.18
Upgrade FortiWeb to version 7.0.2 and above. Upgrade FortiWeb to version 6.3.19 and above.
Internally discovered and reported by Théo Leleu of Fortinet Product Security team.
FortiWeb 7.0.1
FortiWeb 7.0.0
FortiWeb 6.4.2
FortiWeb 6.4.1
FortiWeb 6.4.0
FortiWeb 6.3.18
FortiWeb 6.3.17
FortiWeb 6.3.16
FortiWeb 6.3.15
FortiWeb 6.3.14
FortiWeb 6.3.13
FortiWeb 6.3.12
FortiWeb 6.3.11
FortiWeb 6.3.10
FortiWeb 6.3.9
FortiWeb 6.3.8
FortiWeb 6.3.7
FortiWeb 6.3.6
CVE-2022-30300
6.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:U/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-22-136