PT-2023-13000 · Fortinet · Fortiweb

Published

2023-02-16

·

Updated

2023-02-24

·

CVE-2022-30299

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

FortiWeb 6.0 through 7.0.1, that is, the following branches:

FortiWeb 6.0 (all versions)

FortiWeb 6.1 (all versions)

FortiWeb 6.2 (all versions)

FortiWeb 6.3.0 through 6.3.19

FortiWeb 6.4 (all versions)

FortiWeb 7.0.0 through 7.0.1
Description

A relative path traversal issue in the FortiWeb API may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests. Note that the vector recorded above carries PR:N (no privileges required), while the description states that the attacker must be authenticated; the 5.3 score should therefore be read as this entry's figure rather than as evidence that the endpoint is reachable without credentials. Check the vendor advisory for CVE-2022-30299 before prioritising.
Recommendations

Every listed branch is affected by the same issue, so the mitigation is the same for each rather than branch-specific:

Upgrade to a FortiWeb release in which the vendor has fixed CVE-2022-30299 as soon as one is available for your branch.

Until then, do not expose the FortiWeb management interface, which hosts the API, to the internet; restrict it to a dedicated management network or to specific administrative source addresses.

Because the attack requires authentication, keep API accounts to the minimum set and privileges needed; every credential that can reach the API is a potential path to the file system.

Log API requests and alert on parent-directory sequences (../ and its URL-encoded and double-encoded forms) in request paths and parameters, since the attack relies on specially crafted requests of that kind.
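The weakness behind this entry and the request pattern the recommendations say to watch for, as an added example. This is not FortiWeb code and not taken from the vendor advisory: the endpoint `/api/v1/export`, the base directory `/var/app/exports`, the `file` parameter and the log lines are all constructed for illustration. The block shows the generic unsafe file lookup beside a hardened one (decode, normalise, then require the result to stay inside the intended directory), and a detection rule that flags traversal in request targets even when the dots and slashes are URL-encoded once or twice.

```python
"""Relative path traversal: unsafe lookup, hardened lookup, and a log detector.

Added example. Not FortiWeb code; endpoint, directory and log lines are constructed.
"""
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

# Constructed sandbox directory that stands in for the directory the API serves.
BASE_DIR = "/var/app/exports"


def unsafe_open_path(user_path: str) -> str:
    """The vulnerable pattern (generic, not FortiWeb's code): concatenating a
    client-supplied name onto the base directory. '../' segments walk out of it."""
    return BASE_DIR + "/" + user_path


def canonical_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated URL-encoding so '%252e%252e%252f' and '..%2f' both become '../'.
    A bounded number of rounds avoids a decode-until-fixpoint loop being abused."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def safe_open_path(user_path: str) -> Optional[str]:
    """Hardened lookup: decode, normalise, then require containment in BASE_DIR.
    Returns None when the request must be rejected. normpath is lexical, so a
    production check should additionally compare os.path.realpath() results at
    open time to account for symlinks."""
    decoded = canonical_decode(user_path).replace("\\", "/")
    if "\x00" in decoded:          # NUL truncation tricks are rejected outright
        return None
    # join() discards BASE_DIR if the client sends an absolute path, which then
    # fails the containment test below instead of escaping silently.
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, decoded))
    if candidate != BASE_DIR and not candidate.startswith(BASE_DIR + "/"):
        return None
    return candidate


# A '..' segment at the start of the target or after a separator, '?', '&' or '=',
# followed by a slash or the end of the string. 'notes..txt' does not match.
_TRAVERSAL = re.compile(r"(?:^|[/?&=])\.\.(?=/|$)")


def is_traversal_request(target: str) -> bool:
    """Detection rule for access logs: True when the decoded request target
    (path plus query) contains a parent-directory segment or a NUL byte."""
    decoded = canonical_decode(target).replace("\\", "/")
    return "\x00" in decoded or _TRAVERSAL.search(decoded) is not None


# Constructed log lines in a minimal "METHOD target status" shape.
SAMPLE_LOG = [
    "GET /api/v1/export?file=report-2023-02.csv 200",
    "GET /api/v1/export?file=..%2F..%2F..%2Fetc%2Fpasswd 200",
    "GET /api/v1/export?file=%252e%252e%252f%252e%252e%252fetc%252fshadow 200",
    "GET /api/v1/export?file=notes..txt 200",
]


def flag_targets(log_lines: List[str]) -> List[bool]:
    """Apply the detection rule to the target column of each log line."""
    return [is_traversal_request(line.split()[1]) for line in log_lines]


if __name__ == "__main__":
    for name in ("reports/2023/q1.csv", "../../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        print(f"{name!r:40} unsafe={unsafe_open_path(name)!r} safe={safe_open_path(name)!r}")
    for line, hit in zip(SAMPLE_LOG, flag_targets(SAMPLE_LOG)):
        print("ALERT " if hit else "ok    ", line)
```

The detector decodes before matching because a filter that only looks for a literal `../` is bypassed by `%2e%2e%2f` and, behind a proxy that decodes once, by `%252e%252e%252f`; the hardened lookup applies the same decode so that what is checked is what the file system would actually see.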

Fix

Weakness Enumeration

Relative Path Traversal (CWE-23)

Path traversal

Related Identifiers

CVE-2022-30299

Affected Products

Fortiweb