FortiWeb - Unauthorized user is granted access to the Reports available in the Log & Report section

2021-12-0700:00:00

FortiGuard Labs

www.fortiguard.com

0.001 Low

EPSS

Percentile

33.2%

JSON

An improper access control vulnerability [CWE-284] in the Report Browse section of FortiWeb’s Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs.

CPENameOperatorVersion
fortiwebeq6.4.1
fortiwebeq6.4.0
fortiwebeq6.3.9
fortiwebeq6.3.8
fortiwebeq6.3.7
fortiwebeq6.3.6
fortiwebeq6.3.5
fortiwebeq6.3.4
fortiwebeq6.3.3
fortiwebeq6.3.2

Name	Operator	Version
fortiweb	eq	6.4.1
fortiweb	eq	6.4.0
fortiweb	eq	6.3.9
fortiweb	eq	6.3.8
fortiweb	eq	6.3.7
fortiweb	eq	6.3.6
fortiweb	eq	6.3.5
fortiweb	eq	6.3.4
fortiweb	eq	6.3.3
fortiweb	eq	6.3.2

Rows per page:

1-10 of 181

0.001 Low

EPSS

Percentile

33.2%

JSON

Related for FG-IR-21-138