FortiWeb - Open redirect due to missing domain whitelisting
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-21-133
Final
1
1
2021-12-07T00:00:00
Current version
2021-12-07T00:00:00
2021-12-07T00:00:00
A URL redirection to untrusted site ('Open Redirect') [CWE-601] in FortiWeb may allow an authenticated attacker to use the device as a proxy to reach any protected host via crafted HTTP requests.
None
Improper access control
FortiWeb version 6.0.0 through 6.0.7
FortiWeb version 6.1.0 through 6.1.2
FortiWeb version 6.2.0 through 6.2.7
FortiWeb version 6.3.0 through 6.3.15
FortiWeb version 6.4.0 through 6.4.1
Upgrade to FortiWeb version 7.0.0 and above
Upgrade to FortiWeb version 6.4.2 and above
Upgrade to FortiWeb version 6.3.16 and above
Internally discovered and reported by Mattia Fecit of Fortinet Product Security team.
FortiWeb 6.4.1
FortiWeb 6.4.0
FortiWeb 6.3.15
FortiWeb 6.3.14
FortiWeb 6.3.13
FortiWeb 6.3.12
FortiWeb 6.3.11
FortiWeb 6.3.10
FortiWeb 6.3.9
FortiWeb 6.3.8
FortiWeb 6.3.7
FortiWeb 6.3.6
FortiWeb 6.3.5
FortiWeb 6.3.4
FortiWeb 6.3.3
FortiWeb 6.3.2
FortiWeb 6.3.1
FortiWeb 6.3.0
FortiWeb 6.2.8
FortiWeb 6.2.7
FortiWeb 6.2.6
FortiWeb 6.2.5
FortiWeb 6.2.4
FortiWeb 6.2.3
FortiWeb 6.2.2
FortiWeb 6.2.1
FortiWeb 6.2.0
FortiWeb 6.1.4
FortiWeb 6.1.3
FortiWeb 6.1.2
FortiWeb 6.1.1
FortiWeb 6.1.0
FortiWeb 6.0.8
FortiWeb 6.0.7
FortiWeb 6.0.6
FortiWeb 6.0.5
FortiWeb 6.0.4
FortiWeb 6.0.3
FortiWeb 6.0.2
FortiWeb 6.0.1
FortiWeb 6.0.0
CVE-2021-36191
3.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N/E:P/RL:X/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-21-133