CORS: arbitrary origin trusted

CORS: arbitrary origin trusted Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-518 Final 1 1 2023-11-14T00:00:00 Current version 2023-11-14T00:00:00 2023-10-17T00:00:00 A permissive cross-domain policy with untrusted domains (CWE-942) vulnerability in the API of FortiADC / FortiDDoS-F may allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests. None Improper access control FortiADC 7.1.1 FortiADC 7.1.0 FortiDDoS-F 6.4.1 FortiDDoS-F 6.4.0 FortiDDoS-F 6.3.5 FortiDDoS-F 6.3.4 FortiDDoS-F 6.3.3 FortiDDoS-F 6.3.2 FortiDDoS-F 6.3.1 FortiDDoS-F 6.3.0 CORS: arbitrary origin trusted CVE-2023-25603 FortiADC-7.1.1 FortiADC-7.1.0 FortiDDoS-F-6.4.1 FortiDDoS-F-6.4.0 FortiDDoS-F-6.3.5 FortiDDoS-F-6.3.4 FortiDDoS-F-6.3.3 FortiDDoS-F-6.3.2 FortiDDoS-F-6.3.1 FortiDDoS-F-6.3.0 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-22-518 CORS: arbitrary origin trusted Reference>