FortiWeb - Open redirect in redir handler due to direct input interpolation

2021-12-0700:00:00

FortiGuard Labs

www.fortiguard.com

0.001 Low

EPSS

Percentile

31.5%

JSON

An URL redirection to untrusted site (‘Open Redirect’) [CWE-601] vulnerability in FortiWeb may allow an authenticated attacker to use the device as a proxy and reach external or protected hosts via redirection handlers.

CPENameOperatorVersion
fortiwebeq6.4.1
fortiwebeq6.4.0
fortiwebeq6.3.9
fortiwebeq6.3.8
fortiwebeq6.3.7
fortiwebeq6.3.6
fortiwebeq6.3.5
fortiwebeq6.3.4
fortiwebeq6.3.3
fortiwebeq6.3.2

Name	Operator	Version
fortiweb	eq	6.4.1
fortiweb	eq	6.4.0
fortiweb	eq	6.3.9
fortiweb	eq	6.3.8
fortiweb	eq	6.3.7
fortiweb	eq	6.3.6
fortiweb	eq	6.3.5
fortiweb	eq	6.3.4
fortiweb	eq	6.3.3
fortiweb	eq	6.3.2

Rows per page:

1-10 of 271

0.001 Low

EPSS

Percentile

31.5%

JSON

Related for FG-IR-21-168