CVSSv3 Score: 7.1
A reliance on cookie without validation or integrity checking vulnerability [CWE-565] in FortiWeb may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies requiring knowledge of the FortiWeb serial number.FortiAppSec Cloud is NOT impacted by this vulnerability.
Revised on 2025-12-09 00:00:00
