CNNVD-202511-2014 Information
CNNVD ID
CNNVD-202511-2014
Related CVE
- CNNVD Published: 2025-11-18
Description (Chinese)
Fortinet FortiWeb是美国飞塔(Fortinet)公司的一款Web应用层防火墙,它能够阻断如跨站点脚本、SQL注入、Cookie中毒、schema中毒等攻击的威胁,保证Web应用程序的安全性并保护敏感的数据库内容。 Fortinet FortiWeb存在信任管理问题漏洞,该漏洞源于使用硬编码凭证,可能导致访问redis服务数据。以下版本受到影响:7.6.0版本、7.4所有版本、7.2所有版本和7.0所有版本。
Description (English)
Fortinet FortiWeb, a fireproof wall for the Fortinet application of the United States, can disrupt the threat of attacks such as cross-site scripts, SQL injections, Cookie poisoning and schema poisoning, ensure the safety of Web applications and protect sensitive database content. Fortinet FortiWeb had a trust management gap, which stemmed from the use of hard-coded vouchers and could lead to access to the redis service data. The following versions were affected: 7.6, 7.4, 7.2 and 7.0.
Hazard Level
High
Vulnerability Type
信任管理问题
Affected Vendor
飞塔
Published
2025-11-18
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-25-843 https://access.redhat.com/security/cve/cve-2025-59669
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-25-843
Share on: