Description

Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests.

Related CPE's

a

fortinet

fortiweb

5

References

https://fortiguard.fortinet.com/psirt/FG-IR-23-474

Vendor Advisory

https://fortiguard.fortinet.com/psirt/FG-IR-23-474

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-285

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

5.9 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2024-06-03T08:15:12.870Z

1 year ago

Last modified

2024-12-17T15:43:37.527Z

1 year ago