FortiWeb - heap-based buffer overflow in API v1.0 controller

2021-12-0700:00:00

FortiGuard Labs

www.fortiguard.com

0.001 Low

EPSS

Percentile

40.6%

JSON

A heap-based buffer overflow [CWE-122] vulnerability in FortiWeb may allow an authenticated attacker to execute arbitrary code or commands via crafted HTTP requests to the LogAccess and LogReport API controller.

CPENameOperatorVersion
fortiwebeq6.4.1
fortiwebeq6.4.0
fortiwebeq6.3.9
fortiwebeq6.3.8
fortiwebeq6.3.7
fortiwebeq6.3.6
fortiwebeq6.3.5
fortiwebeq6.3.4
fortiwebeq6.3.3
fortiwebeq6.3.2

Name	Operator	Version
fortiweb	eq	6.4.1
fortiweb	eq	6.4.0
fortiweb	eq	6.3.9
fortiweb	eq	6.3.8
fortiweb	eq	6.3.7
fortiweb	eq	6.3.6
fortiweb	eq	6.3.5
fortiweb	eq	6.3.4
fortiweb	eq	6.3.3
fortiweb	eq	6.3.2

Rows per page:

1-10 of 281

0.001 Low

EPSS

Percentile

40.6%

JSON

Related for FG-IR-21-188