vulnerability
Fortinet FortiManager: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CVE-2023-44256)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:A/AC:L/Au:N/C:C/I:N/A:N) | Oct 20, 2023 | Nov 14, 2023 | Apr 7, 2026 |
Severity
6
CVSS
(AV:A/AC:L/Au:N/C:C/I:N/A:N)
Published
Oct 20, 2023
Added
Nov 14, 2023
Modified
Apr 7, 2026
Description
A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.
Solutions
fortinet-fortimanager-upgrade-7_0_7fortinet-fortimanager-upgrade-7_0_8fortinet-fortimanager-upgrade-7_2_3fortinet-fortimanager-upgrade-7_2_4fortinet-fortimanager-upgrade-7_4_0fortinet-fortimanager-upgrade-7_4_1
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.