FortiWeb path traversal vulnerability
Summary
A path traversal vulnerability allows an administrator account with read and write privileges to read arbitrary files using the autolearn feature.
Affected Products
FortiWeb 4.4.6 to 5.5.2 with the autolearn feature configured.
Solutions
Upgrade to FortiWeb 5.5.3.
As a workaround, the administrator's privileges could be changed to read-only.
Acknowledgement
Fortinet is pleased to thank Ewoud Vlasselaer from Dimension Data Belgium for reporting a FortiWeb vulnerability under responsible disclosure.