CVE-2021-41026

Summary

A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiWebFortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15affected

Weaknesses

  • Improper access control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References