| IR Number | FG-IR-22-460 |
| Date | Feb 16, 2023 |
| Severity |
Medium |
| CVSSv3 Score | 6.6 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2023-22636 |
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiWeb - Unauthorized Configuration Download Vulnerability
Summary
An unauthorized configuration download vulnerability [CWE-285] in FortiWeb may allow a local attacker to access confidential configuration files via a crafted http request.
Affected Products
FortiWeb version 7.0.0 through 7.0.4
FortiWeb version 6.4.0 through 6.4.2
FortiWeb version 6.3.6 through 6.3.21
Solutions
Please upgrade to FortiWeb version 7.0.5 or above.
Please upgrade to FortiWeb version 7.2.0 or above.