4 matches found
Fortinet FortiWeb ] Lack of client-side certificate validation when establishing secure connections (FG-IR-22-326)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-326 advisory. - An improper certificate validation vulnerability CWE-295 in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions...
Fortinet FortiWeb Format string vulnerability in the CLI (FG-IR-22-187)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-187 advisory. - A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions...
Path traversal
A path traversal vulnerability CWE-23 in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially...
Path traversal
A relative path traversal vulnerability CWE-23 in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests...