What is the severity of FG-IR-24-184?

The FG-IR-24-184 vulnerability is classified as a medium severity due to its potential impact on user management in FortiWeb.

How do I fix FG-IR-24-184?

To fix FG-IR-24-184, ensure that FortiWeb is updated to version 7.6.3 or later, 7.4.7 or later, or 7.2.11 or later, depending on your current version.

Who is affected by FG-IR-24-184?

FG-IR-24-184 affects authenticated users with read-only admin permissions in Fortinet's FortiWeb dashboard.

What type of vulnerability is FG-IR-24-184?

FG-IR-24-184 is an Incorrect User Management vulnerability classified under CWE-286.

Can an attacker exploit FG-IR-24-184 remotely?

Yes, an authenticated attacker can exploit FG-IR-24-184 remotely through crafted requests to perform unauthorized operations.

Vulnerability/
FG-IR-24-184

medium

5.6

8/4/2025

FG-IR-24-184: Incorrect user management in widgets dashboard

First published: Tue Apr 08 2025(Updated: )

An Incorrect User Management vulnerability [CWE-286] in FortiWeb widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard of other administrators via crafted requests.

Affected Software	Affected Version	How to fix
Fortinet FortiWeb	>=7.6.0<=7.6.2
Fortinet FortiWeb	>=7.4.0<=7.4.6
Fortinet FortiWeb	>=7.2.0<=7.2.10
Fortinet FortiWeb	>=7.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of FG-IR-24-184?
The FG-IR-24-184 vulnerability is classified as a medium severity due to its potential impact on user management in FortiWeb.
How do I fix FG-IR-24-184?
To fix FG-IR-24-184, ensure that FortiWeb is updated to version 7.6.3 or later, 7.4.7 or later, or 7.2.11 or later, depending on your current version.
Who is affected by FG-IR-24-184?
FG-IR-24-184 affects authenticated users with read-only admin permissions in Fortinet's FortiWeb dashboard.
What type of vulnerability is FG-IR-24-184?
FG-IR-24-184 is an Incorrect User Management vulnerability classified under CWE-286.
Can an attacker exploit FG-IR-24-184 remotely?
Yes, an authenticated attacker can exploit FG-IR-24-184 remotely through crafted requests to perform unauthorized operations.

collector/fortiguard-psirt-latest
source/FortiGuard
alias/CVE-2024-46671
agent/severity
agent/references
agent/title
agent/source
agent/last-modified-date
agent/softwarecombine
agent/type
agent/description
agent/first-publish-date
agent/tags
agent/event
collector/fortiguard-psirt
agent/software-canonical-lookup
vendor/fortinet
canonical/fortinet fortiweb
version/fortinet fortiweb/7.6.0
version/fortinet fortiweb/7.6.2
version/fortinet fortiweb/7.4.0
version/fortinet fortiweb/7.4.6
version/fortinet fortiweb/7.2.0
version/fortinet fortiweb/7.2.10
version/fortinet fortiweb/7.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.