Improper Access Control in FortiWeb Affects Log Reports
CVE-2021-41013
5.3 MEDIUM
What is CVE-2021-41013?
An improper access control issue in FortiWeb versions 6.4.1 and earlier, and 6.3.15 and earlier, allows unauthorized, unauthenticated users to access sensitive log reports through direct URL manipulation. This vulnerability exposes critical logging information, potentially compromising the security posture of affected systems.
Affected Version(s)
Fortinet FortiWeb 6.4.1, 6.4.0, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0