Описание
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 6.3.0 (включая) до 6.3.15 (включая)
Одно из
cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiweb:6.4.1:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00489
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-863
Связанные уязвимости
github
около 4 лет назад
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs.
EPSS
Процентиль: 65%
0.00489
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-863