Multiple heap-based buffer overflow vulnerabilities [CWE-122] in the web API controllers of FortiWeb may allow a remote authenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests.
Affected products:
FortiWeb 6.4.1 and below.
FortiWeb 6.3.15 and below.
Solutions:
Upgrade to FortiWeb version 6.4.2 or above.
Upgrade to FortiWeb version 6.3.16 or above.