EPSS
Percentile
72.0%
A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session.