A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-22-151 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 04:07
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files. |
28 Feb 2023, 19:52
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
24 Feb 2023, 19:57
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-787 | |
| References | (MISC) https://fortiguard.com/psirt/FG-IR-22-151 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.0 |
| First Time |
Fortinet fortiweb
Fortinet |
|
| CPE | cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* |
16 Feb 2023, 19:39
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-02-16 19:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-23781
Mitre link : CVE-2023-23781
CVE.ORG link : CVE-2023-23781
JSON object : View
Products Affected
fortinet
- fortiweb