PT-2025-15427 · Fortinet · Fortiweb
Published
2024-11-09
·
Updated
2025-04-08
·
CVE-2024-46671
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
FortiWeb versions 7.6.2 and below
FortiWeb versions 7.4.6 and below
FortiWeb versions 7.2.10 and below
FortiWeb versions 7.0.11 and below
Description:
The issue is related to Incorrect User Management, allowing an authenticated attacker with at least read-only admin permission to perform operations on the dashboard of other administrators via crafted requests.
Recommendations:
For FortiWeb versions 7.6.2 and below, update to a version above 7.6.2 to resolve the issue.
For FortiWeb versions 7.4.6 and below, update to a version above 7.4.6 to resolve the issue.
For FortiWeb versions 7.2.10 and below, update to a version above 7.2.10 to resolve the issue.
For FortiWeb versions 7.0.11 and below, update to a version above 7.0.11 to resolve the issue.
Fix
LPE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fortiweb