CVE-2023-46713Improper Output Neutralization for Logs in Fortinet Fortiweb

CWE-117Improper Output Neutralization for Logs4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 64.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortiweb
Timeline
PublishedDec 13

Description

An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5fortinet/fortiweb7.2.07.2.5+4
NVDfortinet/fortiweb6.2.06.2.8+4

🔴Vulnerability Details

2
CVEList
CVE-2023-46713: An improper output neutralization for logs in Fortinet FortiWeb 62023-12-13
GHSA
GHSA-f8xj-xxr8-6q36: An improper output neutralization for logs in Fortinet FortiWeb 62023-12-13

📋Vendor Advisories

1
Fortinet
An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7...2023-12-13
CVE-2023-46713 — Fortinet Fortiweb vulnerability | cvebase