Improper Access Control in FortiWeb Affects Log Reports
CVE-2021-41013
5.3 MEDIUM
Summary
An improper access control issue in FortiWeb versions 6.4.1 and earlier, and 6.3.15 and earlier allows unauthorized and unauthenticated users to access sensitive log reports through direct URL manipulation. This vulnerability exposes critical logging information, potentially compromising the security posture of affected systems.
Affected Version(s)
Fortinet FortiWeb 6.4.1, 6.4.0, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved