FortiMail / FortiNDR / FortiWeb - Path traversal vulnerabilities
Summary
Multiple Path traversal vulnerabilities in FortiMail, FortiNDR & FortiWeb may allow a regular user to obtain unauthorized access to files and data via specifically crafted web requests.
Affected Products
FortiMail 6.4.3 and below.
FortiMail 6.2.6 and below.
FortiMail 6.0.10 and below.
FortiMail 5.4.12 and below.
At least
FortiWeb version 5.9.0 through 5.9.2
FortiWeb version 6.0.0 through 6.0.8
FortiWeb version 6.1.0 through 6.1.3
FortiWeb version 6.2.0 through 6.2.7
FortiWeb version 6.3.0 through 6.3.17
FortiWeb version 6.4.0 through 6.4.2
FortiWeb version 7.0.0
FortiNDR version 1.1.0
FortiNDR version 1.2.0
FortiNDR version 1.3.0 through 1.3.1
FortiNDR version 1.4.0
FortiNDR version 1.5.0 through 1.5.3
Solutions
Upgrade to FortiMail version 7.0.0 or above,
Upgrade to FortiMail version 6.4.4 or above,
Upgrade to FortiMail version 6.2.7 or above.
Upgrade to FortiMail version 6.0.11 or above.
Upgrade to FortiNDR version 7.0.0 or above.
Please upgrade to FortiWeb version 7.0.1 or above,
Please upgrade to FortiWeb version 6.4.3 or above,
Please upgrade to FortiWeb version 6.3.18 or above.