CVE-2020-29018

Name of the Vulnerable Software and Affected Versions: FortiWeb versions 6.3.0 through 6.3.5

Description: A format string vulnerability may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.

Recommendations: For FortiWeb versions 6.3.0 through 6.3.5, consider restricting access to the redir parameter until a patch is available. As a temporary workaround, avoid using the redir parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.