CVE Vulnerabilities

CVE-2024-46671

Incorrect User Management

Published: Apr 08, 2025 | Modified: Jul 24, 2025
CVSS 3.x: 7.2 HIGH (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

An Incorrect User Management vulnerability [CWE-286] in the widgets dashboard of FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, and version 7.0.11 and below may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboards of other administrators via crafted requests.

Weakness

The product does not properly manage a user within its environment.

Affected Software

Name | Vendor | Start Version | End Version
Fortiweb | Fortinet | 7.0.0 (including) | 7.2.11 (excluding)
Fortiweb | Fortinet | 7.4.0 (including) | 7.4.7 (excluding)
Fortiweb | Fortinet | 7.6.0 (including) | 7.6.3 (excluding)
