PT-2018-5626 · Fortinet · Fortiweb
Published: 2018-03-20 · Updated: 2019-10-03 · CVE-2017-14191
CVSS v3.1: 5.9 (Medium)
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Fortinet FortiWeb versions 5.6.0 through 6.0.x
Description:
The issue is an Improper Access Control vulnerability. It allows an attacker to bypass the signed user cookie protection by removing FortiWeb's own protection session cookie when the product is under "Signed Security Mode".
Recommendations:
For Fortinet FortiWeb versions 5.6.0 through 6.0.x, update to version 6.1.0 or later to resolve the issue.
Fix
Related identifiers
Affected products
Fortiweb