PT-2021-7468 · Fortinet · Fortiweb

Published: 2021-04-06 · Updated: 2021-04-20 · CVE-2020-15942

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FortiWeb versions 6.2.x through 6.2.3
FortiWeb versions 6.3.x through 6.3.4

Description

An information disclosure issue in the Web Vulnerability Scan profile of Fortinet's FortiWeb may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile. This is related to insufficient protection of credentials.

Recommendations

For FortiWeb versions 6.2.x through 6.2.3, update to version 6.2.4 or later.
For FortiWeb versions 6.3.x through 6.3.4, update to version 6.3.5 or later.

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

BDU:2022-06592
CVE-2020-15942

Affected Products

Fortiweb