CVE-2024-36511
published 2024-09-10CVE-2024-36511: An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions…
low3.7CVSS 3.1
AVNACHPRNUINSUCLINAN
An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiadc | — | — |
| fortinet | fortiadc | >= 6.0.0 < 7.4.5 | 7.4.5 |
| fortinet | fortiadc | 6.0.0 – 6.0.4 | — |
| fortinet | fortiadc | 6.1.0 – 6.1.6 | — |
| fortinet | fortiadc | 6.2.0 – 6.2.6 | — |
| fortinet | fortiadc | 7.0.0 – 7.0.5 | — |
| fortinet | fortiadc | 7.1.0 – 7.1.4 | — |
| fortinet | fortiadc | 7.2.0 – 7.2.7 | — |
| fortinet | fortiadc | 7.4.0 – 7.4.4 | — |