A relative path traversal vulnerability [CWE-23] in FortiWeb may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests.
Affected ProductsFortiWeb version 7.0.0 through 7.0.1
FortiWeb version 6.3.6 through 6.3.18
FortiWeb 6.4 all versions
Upgrade FortiWeb to version 7.0.2 and above.
Upgrade FortiWeb to version 6.3.19 and above.