Information disclosure through diagnose debug commands in FortiWeb
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-269
Final
1
1
2020-09-18T00:00:00
Current version
2020-09-18T00:00:00
2020-09-18T00:00:00
An information exposure vulnerability in FortiWeb CLI may allow an authenticated user to view sensitive information being logged via diagnose debug commands.
None
Information disclosure
FortiWeb 6.2.0 and below.
Please upgrade to FortiWeb 6.3.0, 6.2.1 or above.
Fortinet is pleased to thank Danilo Costa from PBI for reporting this vulnerability under responsible disclosure.
FortiWeb 6.2.0
Information disclosure through diagnose debug commands in FortiWeb
CVE-2019-16157
FortiWeb-6.2.0
https://fortiguard.fortinet.com/psirt/FG-IR-19-269
Information disclosure through diagnose debug commands in FortiWeb
Reference>