Improper Access Control in FortiWeb Affects Log Reports
CVE-2021-41013

5.3 MEDIUM

Key Information:

Vendor
Fortinet
Vendor
CVE Published:
8 December 2021

Summary

An improper access control issue in FortiWeb versions 6.4.1 and earlier, and 6.3.15 and earlier allows unauthorized and unauthenticated users to access sensitive log reports through direct URL manipulation. This vulnerability exposes critical logging information, potentially compromising the security posture of affected systems.

Affected Version(s)

Fortinet FortiWeb 6.4.1, 6.4.0, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
