A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests.
https://fortiguard.fortinet.com/psirt/FG-IR-24-097
Source: Mitre, NVD
Published: 2025-01-14
Updated: 2025-03-19
Base Score: 6.8
Vector: CVSS2#AV:N/AC:L/Au:M/C:N/I:P/A:C
Severity: Medium
Base Score: 5.5
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
EPSS: 0.00402