PSIRT Advisories

Monthly PSIRT Advisories

The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.  

For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.

An information disclosure vulnerability in FortiWeb's Web Vulnerability Scan profile may allow a remote authenticated atta...

FortiWeb 6.3.4, 6.3.3, 6.3.2
Apr 06, 2021 Risk IR Number: FG-IR-20-076 CVE-2020-15942
An improper neutralization of input during web page generation in FortiWeb GUI interface may allow an unauthenticated, rem...

FortiWeb 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.2.4
Feb 03, 2021 Risk IR Number: FG-IR-20-122 CVE-2021-22122
An information exposure vulnerability in FortiWeb CLI may allow an authenticated user to view sensitive information being ...

FortiWeb 6.2.0
Mar 11, 2020 Risk IR Number: FG-IR-19-269 CVE-2019-16157
An improper neutralization of input vulnerability in FortiWeb may allow a remote authenticated attacker to perform a store...

FortiWeb 6.3.0, 6.2.2, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.9.1, 5.9.0
Mar 09, 2020 Risk IR Number: FG-IR-20-001 CVE-2020-6646
An improper neutralization of input vulnerability in the Anomaly Detection interface of FortiWeb may allow a remote unauth...

FortiWeb 6.2.1, 6.2.0, 6.1.1
Mar 09, 2020 Risk IR Number: FG-IR-19-265 CVE-2019-16156
The URL part of the report message is not encoded in Fortinet FortiWeb which may allow an attacker to execute unauthorized...

FortiWeb 6.0.2
Jun 12, 2019 Risk IR Number: FG-IR-19-070 CVE-2019-5590