PT-2023-6746 · Fortinet · Fortiweb

Published: 2023-02-16 · Updated: 2023-02-28 · CVE-2023-23781

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: FortiWeb versions 7.0.1 and below; FortiWeb versions 6.4 and all versions below 6.3.19.

Description: The issue is caused by a stack-based buffer overflow. It may allow a remote attacker to execute arbitrary code using specially crafted XML files. The vulnerability can be exploited by an authenticated attacker in the SAML server configuration.

Recommendations: For FortiWeb versions 7.0.1 and below, update to a version above 7.0.1 to resolve the issue. For FortiWeb versions 6.4 and all versions below 6.3.19, update to a version above 6.3.19 to resolve the issue. As a temporary workaround, consider restricting access to the SAML server configuration to minimize the risk of exploitation. Avoid using specially crafted XML files in the affected configuration until the issue is resolved.

Fix

Weakness type: Stack Overflow · Memory Corruption

Weakness Enumeration

Related Identifiers: BDU:2023-07533 · CVE-2023-23781

Affected Products: Fortiweb