Vulnerabilities > Fortinet > Fortiweb > 6.3.21

DATE CVE VULNERABILITY TITLE RISK
2023-02-16 CVE-2023-23778 Path Traversal vulnerability in Fortinet Fortiweb
A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests.
network
low complexity
fortinet CWE-22
6.5
6.5
2023-02-16 CVE-2023-23784 Path Traversal vulnerability in Fortinet Fortiweb
A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to information disclosure via specially crafted web requests.
network
low complexity
fortinet CWE-22
6.5
6.5
2023-01-03 CVE-2022-42471 Injection vulnerability in Fortinet Fortiweb
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers.
network
low complexity
fortinet CWE-74
5.4
5.4