Incorrect User Management Vulnerability in FortiWeb by Fortinet
CVE-2024-46671

7.2HIGH

Key Information:

Vendor: Fortinet
Status: Fortiweb
Vendor: CVE Published:; 8 April 2025

What is CVE-2024-46671?

An Incorrect User Management vulnerability exists in FortiWeb products, allowing authenticated users with read-only admin permissions to manipulate the dashboard of other administrators through specially crafted requests. This flaw can compromise the integrity and security of the administrative interface, potentially allowing attackers to access sensitive features and data within the application.

Affected Version(s)

FortiWeb 7.6.0 <= 7.6.2

FortiWeb 7.4.0 <= 7.4.6

FortiWeb 7.2.0 <= 7.2.10

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-184

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Sep 11, 2024