FortiWeb - Path traversal via browse report CGI component

Summary

A relative path traversal vulnerability [CWE-23] in FortiWeb may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests.

Affected Products

At least
FortiWeb version 7.0.0 through 7.0.1
FortiWeb 6.2 all versions
FortiWeb 6.4 all versions
FortiWeb 6.3 all versions

Solutions

Please upgrade to FortiWeb version 7.0.2 or above