2 matches found
Fortinet FortiWeb ] Lack of client-side certificate validation when establishing secure connections (FG-IR-22-326)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-326 advisory. - An improper certificate validation vulnerability CWE-295 in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions...
Path traversal
A relative path traversal vulnerability CWE-23 in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests...