CVE-2024-23665

Name of the Vulnerable Software and Affected Versions: FortiWeb versions 7.4.2 and below FortiWeb versions 7.2.7 and below FortiWeb versions 7.0.10 and below FortiWeb versions 6.4.3 and below FortiWeb versions 6.3.23 and below

Description: The issue is related to improper authorization vulnerabilities in FortiWeb, which may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests. This can potentially enable a remote attacker to read, modify, or delete data by sending specially crafted requests.

Recommendations: For FortiWeb versions 7.4.2 and below, update to a version above 7.4.2 to resolve the issue. For FortiWeb versions 7.2.7 and below, update to a version above 7.2.7 to resolve the issue. For FortiWeb versions 7.0.10 and below, update to a version above 7.0.10 to resolve the issue. For FortiWeb versions 6.4.3 and below, update to a version above 6.4.3 to resolve the issue. For FortiWeb versions 6.3.23 and below, update to a version above 6.3.23 to resolve the issue. As a temporary workaround, consider restricting access to ADOM operations until a patch is available.