CVE-2014-3115
FortiWeb < 5.2.0 - Cross-Site Request Forgery via Admin Add Endpoint
Title source: llmDescription
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
http://www.fortiguard.com/advisory/FG-IR-14-013/
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/902790
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/May/30
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030200
Scores
EPSS
0.0021
EPSS Percentile
43.8%
Details
CWE
CWE-352
Status
published
Products (5)
fortinet/fortiweb
5.1.0
fortinet/fortiweb
5.1.1
fortinet/fortiweb
5.1.2
fortinet/fortiweb
5.1.3
fortinet/fortiweb
< 5.1.4
Published
May 08, 2014
Tracked Since
Feb 18, 2026