CVE-2023-46713

Name of the Vulnerable Software and Affected Versions Fortinet FortiWeb versions 6.2.0 through 6.2.8 Fortinet FortiWeb versions 6.3.0 through 6.3.23 Fortinet FortiWeb versions 7.0.0 through 7.0.9 Fortinet FortiWeb versions 7.2.0 through 7.2.5 Fortinet FortiWeb version 7.4.0

Description The issue is related to improper output neutralization for logs in Fortinet FortiWeb, which may allow an attacker to forge traffic logs via a crafted URL of the web application. This can be exploited by a remote attacker.

Recommendations For Fortinet FortiWeb versions 6.2.0 through 6.2.8, update to a version outside of this range to resolve the issue. For Fortinet FortiWeb versions 6.3.0 through 6.3.23, update to a version outside of this range to resolve the issue. For Fortinet FortiWeb versions 7.0.0 through 7.0.9, update to a version outside of this range to resolve the issue. For Fortinet FortiWeb versions 7.2.0 through 7.2.5, update to a version outside of this range to resolve the issue. For Fortinet FortiWeb version 7.4.0, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the web application to minimize the risk of exploitation.