PSIRT Advisory

Information disclosure through diagnose debug commands in FortiWeb

Summary

An information exposure vulnerability in FortiWeb CLI may allow an authenticated user to view sensitive information being logged via diagnose debug commands.

Impact

Information disclosure

Affected Products

FortiWeb 6.2.0 and below.

Solutions

Please upgrade to FortiWeb 6.3.0, 6.2.1 or above.

Acknowledgement

Fortinet is pleased to thank Danilo Costa from PBI for reporting this vulnerability under responsible disclosure.