Common Vulnerabilities and Exposures

This release of FortiWLM is no longer vulnerable to the following.

| Vulnerability | Description |
|---|---|
| CWE-23 | Relative Path Traversal. |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| CVE-2023-34993 | Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling. |
| CVE-2023-36547 | Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap Blocks plugin. |
| CVE-2023-36548 | Improper access control in Zoom Rooms for Windows. |
| CVE-2023-36549 | Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. |
| CVE-2023-36550 | A SQL injection vulnerability in BMC Control-M. |

Visit https://www.fortiguard.com/psirt for more information.
