PT-2023-6752 · Fortinet · Fortiweb
Published 2023-02-16 · Updated 2023-02-28 · CVE-2023-23784
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:L/Au:S/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
FortiWeb versions 6.3.6 through 6.3.20
FortiWeb versions 7.0.0 through 7.0.2
FortiWeb 6.4 all versions
Description
The issue is a relative path traversal that allows information disclosure via specially crafted web requests. It is caused by incorrect restriction of a directory path name to the directory the request is allowed to access, so a path containing relative components can resolve outside that directory. Exploitation of the issue may allow a remote attacker to disclose protected information.
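The root cause named above, an incorrect restriction of a directory path name, is illustrated by the following added example; it is not FortiWeb's code and the base directory and request paths are constructed. It contrasts a naive prefix check with a canonical containment check of the resolved path, including the double-URL-encoded case.

```python
"""Added illustrative example: naive vs. canonical restriction of a path to a directory."""
import posixpath
from urllib.parse import unquote

BASE_DIR = "/srv/app/public"  # assumed restricted directory (constructed)


def naive_is_allowed(requested: str) -> bool:
    """Incorrect restriction: checks only that the joined string starts with the base.
    A relative path such as '<base>/../x' passes because '..' is never resolved."""
    joined = posixpath.join(BASE_DIR, requested.lstrip("/"))
    return joined.startswith(BASE_DIR)


def canonical_is_allowed(requested: str) -> bool:
    """Correct restriction: decode, normalise, then require that the resolved path
    is the base directory itself or a descendant of it (with a separator boundary)."""
    decoded = unquote(unquote(requested))  # second pass catches double-encoded %252e
    joined = posixpath.join(BASE_DIR, decoded.lstrip("/"))
    resolved = posixpath.normpath(joined)
    return resolved == BASE_DIR or resolved.startswith(BASE_DIR + "/")


SAMPLE_REQUESTS = [  # constructed request paths
    "index.html",
    "docs/../index.html",
    "../../private/config.txt",
    "%2e%2e/%2e%2e/private/config.txt",
]


def audit(requests=SAMPLE_REQUESTS):
    """Return {path: (naive_verdict, canonical_verdict)} to show where the checks differ."""
    return {r: (naive_is_allowed(r), canonical_is_allowed(r)) for r in requests}


if __name__ == "__main__":
    for path, (naive, canonical) in audit().items():
        print(f"{path!r:40} naive={naive} canonical={canonical}")
```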
Recommendations
For FortiWeb versions 6.3.6 through 6.3.20, update to a version outside of this range to resolve the issue.
For FortiWeb versions 7.0.0 through 7.0.2, update to a version outside of this range to resolve the issue.
For FortiWeb 6.4 all versions, update to a version that is not part of the 6.4 series to resolve the issue.
As a temporary workaround, consider restricting access to the web application to minimize the risk of exploitation.
Fix
Relative Path Traversal
Path traversal
Related Identifiers
Affected Products
Fortiweb