PT-2023-6988 · Fortinet · Fortiwlm

Published 2023-11-14 · Updated 2023-11-18 · CVE-2023-42783

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Fortinet FortiWLM versions 8.2.2 through 8.3.0
Fortinet FortiWLM versions 8.3.2 through 8.4.0
Fortinet FortiWLM versions 8.4.2 through 8.5.4
Fortinet FortiWLM versions 8.6.0 through 8.6.5

Description

A relative path traversal issue in Fortinet FortiWLM, caused by errors in processing relative paths to directories, allows a remote attacker to read arbitrary files using specially crafted HTTP requests.

Recommendations

For each affected range, update to a version that fixes the relative path traversal issue:

Fortinet FortiWLM versions 8.2.2 through 8.3.0
Fortinet FortiWLM versions 8.3.2 through 8.4.0
Fortinet FortiWLM versions 8.4.2 through 8.5.4
Fortinet FortiWLM versions 8.6.0 through 8.6.5

As a temporary workaround, consider restricting access to the vulnerable HTTP endpoints until a patch is available.

Fix

Relative Path Traversal

Weakness Enumeration

Related Identifiers

BDU:2023-08007
CVE-2023-42783

Affected Products

Fortiwlm