PT-2023-1534 · Fortinet · Fortiweb

Published 2023-02-16 · Updated 2023-02-28 · CVE-2023-23778

CVSS v2.0

6.8

Medium

Vector AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

FortiWeb versions 7.0.1 and below
FortiWeb versions 6.4 and below
FortiWeb versions 6.3 and below
FortiWeb versions 6.2 and below

Description

The issue stems from improper restriction of a pathname to a restricted directory in the FortiWeb web application firewall. Exploitation may allow a remote attacker to gain unauthorized access to protected information using a specially crafted HTTP request. This is a relative path traversal issue: an authenticated user may obtain unauthorized access to files and data via specifically crafted web requests.
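The description above names only the weakness class. As an added illustration (not FortiWeb's own code or log format), the following shows the defender-side check a file-serving handler or a log reviewer applies to this class of issue: percent-decode the requested path until it is stable, resolve it under the intended base directory, and flag anything that escapes. The `file` parameter, the base directory and the log lines are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import unquote


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded) so double-encoded %252e%252e is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return value


def resolve_under_base(base_dir: str, requested: str):
    """Return (allowed, resolved).

    allowed is False when the request escapes base_dir via ../ segments, backslashes,
    percent-encoded dots, an absolute path or an embedded NUL byte.
    """
    base = posixpath.normpath(base_dir)
    candidate = decode_fully(requested).replace("\\", "/")
    if "\x00" in candidate or candidate.startswith("/"):
        return False, candidate
    resolved = posixpath.normpath(posixpath.join(base, candidate))
    allowed = resolved == base or resolved.startswith(base + "/")
    return allowed, resolved


# Constructed access-log lines (not real FortiWeb logs); the "file" parameter is hypothetical.
SAMPLE_LOG = """\
10.0.0.5 - alice [16/Feb/2023:10:00:01 +0000] "GET /api/v1/export?file=report.csv HTTP/1.1" 200
10.0.0.5 - alice [16/Feb/2023:10:00:02 +0000] "GET /api/v1/export?file=../../../../etc/passwd HTTP/1.1" 200
10.0.0.5 - alice [16/Feb/2023:10:00:03 +0000] "GET /api/v1/export?file=..%252f..%252fconf/secret HTTP/1.1" 200
10.0.0.5 - alice [16/Feb/2023:10:00:04 +0000] "GET /api/v1/export?file=sub/./2023/report.csv HTTP/1.1" 200
"""


def flag_traversal(log_text: str, base_dir: str = "/var/exports") -> list:
    """Return (line_no, resolved_path) for requests whose file parameter escapes base_dir."""
    hits = []
    for no, line in enumerate(log_text.splitlines(), start=1):
        m = re.search(r'[?&]file=([^ &"]+)', line)
        if not m:
            continue
        allowed, resolved = resolve_under_base(base_dir, m.group(1))
        if not allowed:
            hits.append((no, resolved))
    return hits
```

Running `flag_traversal(SAMPLE_LOG)` reports lines 2 and 3; line 4 stays inside the base directory after normalisation and is not flagged.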
Recommendations

For FortiWeb versions 7.0.1 and below, update to a version above 7.0.1 to resolve the issue.
For FortiWeb versions 6.4 and below, update to a version above 6.4 to resolve the issue.
For FortiWeb versions 6.3 and below, update to a version above 6.3 to resolve the issue.
For FortiWeb versions 6.2 and below, update to a version above 6.2 to resolve the issue.

Fix

Weakness Enumeration

Relative Path Traversal
Path traversal

Related Identifiers

BDU:2023-00978
CVE-2023-23778

Affected Products

Fortiweb