FortiWeb - Open redirect due to missing domain whitelisting

2021-12-0700:00:00

FortiGuard Labs

www.fortiguard.com

0.001 Low

EPSS

Percentile

22.9%

JSON

A URL redirection to untrusted site (‘Open Redirect’) [CWE-601] in FortiWeb may allow an authenticated attacker to use the device as proxy to reach any protected host via crafted HTTP requests.

CPENameOperatorVersion
fortiwebeq6.4.1
fortiwebeq6.4.0
fortiwebeq6.3.9
fortiwebeq6.3.8
fortiwebeq6.3.7
fortiwebeq6.3.6
fortiwebeq6.3.5
fortiwebeq6.3.4
fortiwebeq6.3.3
fortiwebeq6.3.2

Name	Operator	Version
fortiweb	eq	6.4.1
fortiweb	eq	6.4.0
fortiweb	eq	6.3.9
fortiweb	eq	6.3.8
fortiweb	eq	6.3.7
fortiweb	eq	6.3.6
fortiweb	eq	6.3.5
fortiweb	eq	6.3.4
fortiweb	eq	6.3.3
fortiweb	eq	6.3.2

Rows per page:

1-10 of 411

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for FG-IR-21-133