
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN531
_____________________________________________________________________

DATE                : 22/09/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running FortiWeb versions prior to 6.3.0,
                     6.2.1.

=====================================================================
https://www.fortiguard.com/psirt/FG-IR-19-269
_____________________________________________________________________


Information disclosure through diagnose debug commands in FortiWeb


Summary

An information exposure vulnerability in FortiWeb CLI may allow an
authenticated user to view sensitive information being logged via
diagnose debug commands.


Impact

Information disclosure


Affected Products

FortiWeb 6.2.0 and below.


Solutions

Please upgrade to FortiWeb 6.3.0, 6.2.1 or above.


Acknowledgement

Fortinet is pleased to thank Danilo Costa from PBI for reporting this
vulnerability under responsible disclosure.

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



