A reliance on cookies without validation and integrity checking vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies, requiring prior knowledge of the FortiWeb serial number.
2025-12-09T18:16:05.227
2025-12-09T20:40:27.990
Analyzed
CVSSv3.1: 8.1 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | fortinet | fortiweb | ≤ 7.0.11 | Yes |
| Application | fortinet | fortiweb | ≤ 7.2.11 | Yes |
| Application | fortinet | fortiweb | ≤ 7.4.10 | Yes |
| Application | fortinet | fortiweb | ≤ 7.6.5 | Yes |
| Application | fortinet | fortiweb | ≤ 8.0.1 | Yes |