An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard of other administrators via crafted requests.
The product does not properly manage a user within its environment.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Fortiweb | Fortinet | 7.0.0 (including) | 7.2.11 (excluding) |
Fortiweb | Fortinet | 7.4.0 (including) | 7.4.7 (excluding) |
Fortiweb | Fortinet | 7.6.0 (including) | 7.6.3 (excluding) |