Unauthenticated Access to Protected Hosts via Crafted HTTP Requests in Fortinet FortiWeb
CVE-2021-36190 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests.
Learn more about our Cis Benchmark Audit For Fortinet.