CVE-2019-16157

Name of the Vulnerable Software and Affected Versions FortiWeb versions 6.2.0 and earlier

Description The issue is related to an information exposure vulnerability that may allow an authenticated user to view sensitive information being logged via diagnose debug commands. This vulnerability is associated with a lack of protection for internal data. An attacker could exploit this vulnerability to disclose protected information using diagnose debug commands.

Recommendations For FortiWeb versions 6.2.0 and earlier, consider restricting access to the diagnose debug commands until a patch is available. As a temporary workaround, limit the use of diagnose debug commands to minimize the risk of sensitive information exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.