Incorrect User Management Vulnerability in FortiWeb by Fortinet
CVE-2024-46671

5.6MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortiweb
Vendor: CVE Published:; 8 April 2025

Summary

An Incorrect User Management vulnerability exists in FortiWeb products, allowing authenticated users with read-only admin permissions to manipulate the dashboard of other administrators through specially crafted requests. This flaw can compromise the integrity and security of the administrative interface, potentially allowing attackers to access sensitive features and data within the application.

Affected Version(s)

FortiWeb 7.6.0 <= 7.6.2

FortiWeb 7.4.0 <= 7.4.6

FortiWeb 7.2.0 <= 7.2.10

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-184

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Sep 11, 2024