Headline
CVE-2023-34984: Fortiguard
A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, and 6.3.6 through 6.3.23 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.
**PSIRT Advisories**
FortiWeb - Insufficient protections against XSS and CSRF
Summary
A protection mechanism failure [CWE-693] vulnerability in FortiWeb may allow an attacker to bypass XSS and CSRF protections.
Affected Products
FortiWeb version 7.2.0 through 7.2.1
FortiWeb version 7.0.0 through 7.0.6
FortiWeb 6.4 all versions
FortiWeb 6.3 all versions
Solutions
Please upgrade to FortiWeb version 7.2.2 or above
Please upgrade to FortiWeb version 7.0.7 or above
Acknowledgement
Internally discovered and reported by Gwendal Guégniaud of the Fortinet Product Security team.
Timeline
2023-09-05: Initial publication