Community Chatter

Path Traversal Vulnerability in ConnectWise ScreenConnect (CVE-2024-1708)

What is CVE-2024-1708? CVE-2024-1708 is a critical path traversal vulnerability impacting ConnectWise ScreenConnect versions up to 23.9.7. This flaw enables attackers to manipulate file paths, potenti...

Unpacking the CVE-2019-7256 Command Injection Vulnerability in Linear eMerge E3-Series

What is CVE-2019-7256? CVE-2019-7256 is a serious command injection vulnerability affecting Linear eMerge E3-Series access control systems. It stems from improper sanitization of user inputs, enabling...

FortiWeb Security Insights: Addressing XSS Vulnerability in Serenity Software (CVE-2023-31285)

FortiWeb Security Insights: Addressing XSS Vulnerability in Serenity Software (CVE-2023-31285) What is CVE-2023-31285? CVE-2023-31285 is a Cross-Site Scripting (XSS) vulnerability discovered in Sereni...

FortiAppSec Cloud Protecting Modern Applications in a Complex Environment

Modern applications are the backbone of digital transformation but protecting them has become a daunting challenge. Organizations are grappling with the complexity of multi-cloud environments, evolvin...

Using Amazon EC2 Image Builder to Publish Your Custom Images to AWS Marketplace

Introduction: Streamlining Software Deployment with AWS Marketplace Image Builder AWS Marketplace has introduced an innovative feature to simplify software deployment for customers and sellers alike: ...

Apache Tomcat Open Redirect Vulnerability CVE-2018-11784

What is CVE-2018-11784? CVE-2018-11784 is an open redirect vulnerability impacting several versions of Apache Tomcat, specifically versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90. T...

Cost optimization in AWS

For more than a decade, digital transformation has been the talk within businesses. One of the core elements in this journey is the migration to the public cloud, which adopts new ways of thinking and...

Demystifying FortiWeb SOC-as-a Service(SoCaaS)

FortiWeb SOCaaS: Comprehensive 24/7 Protection, Security Hardening, Incident Response, and Cloud Service Dashboard In an era where cyber threats continue to rise in frequency and sophistication, secur...

FortiWeb Security Insights: Shielding Apache InLong from Deserialization Attacks (CVE-2023-34434)

What is CVE-2023-34434? CVE-2023-34434 is a critical security vulnerability identified in Apache InLong, an open-source data collection and processing platform. This vulnerability affects versions 1.4...

FortiWeb Security Insights: Addressing CVE-2024-4577 PHP-CGI Argument Injection Vulnerability

What is CVE-2024-4577? CVE-2024-4577 is a severe security vulnerability found in PHP installations running in CGI mode. This flaw arises from inadequate input data handling, which can lead to attacker...

CVE-2024-3272 & CVE-2024-3273: Understanding D-Link NAS Vulnerabilities

What is the Critical D-Link NAS Vulnerabilities (CVE-2024-3272 and CVE-2024-3273)? Critical vulnerabilities CVE-2024-3272 and CVE-2024-3273 have been identified in multiple D-Link NAS (Network Attache...

FortiWeb Security Alert: CVE-2024-3651 Vulnerability in idna.encode

FortiWeb Security Alert: CVE-2024-3651 Vulnerability in idna.encode The Impact of CVE-2024-3651 In the realm of web security, vulnerabilities can often lead to severe consequences if left unaddressed....

FAQ for Shifting from FortiClient EMS to FortiSASE for Endpoint Management

A customer-facing FAQ is available in the FortiSASE Admin Guide for existing FortiClient EMS customers interested in shifting from FortiClient EMS to FortiSASE for endpoint management:https://docs.for...

FortiEdge Cloud: Simplifying Network Management at the Edge

In today's fast-paced digital landscape, the network edge has become a critical battleground for businesses. It's where users connect, data flows, and opportunities arise. But managing this dynamic en...

Mitigating Stored XSS and DoS Vulnerabilities in Edu-sharing (CVE-2024-28147)

What is CVE-2024-28147? CVE-2024-28147 is a critical security vulnerability that has been identified in the edu-sharing software. The edu-sharing is an open-source e-learning integration solution. The...

FortiWeb Security Alert: CVE-2024-3651 Vulnerability in idna.encode

The Impact of CVE-2024-3651 In the realm of web security, vulnerabilities can often lead to severe consequences if left unaddressed. One such critical issue is identified by CVE-2024-3651, a vulnerabi...

FortiGate in AWS Landing Zone Accelerator

Solution overview The Landing Zone Accelerator on AWS (LZA) for Canadian Centre for Cyber Security (CCCS) Cloud Medium is a specialized deployment designed in collaboration with national security enti...

FortiClient: A Comprehensive Solution for Schools

The Benefits of FortiClient for Educational Institutions Web Filtering For primary educational institutions child safety is paramount, including on-line safety, with the necessity for managing and con...

Addressing D-Link Device Vulnerabilities

Introduction D-Link, a global leader in networking solutions and is particularly renowned for its offerings tailored to small and medium-sized businesses (SMBs). Over the decades, D-Link has expanded ...

Addressing Information Disclosure Risks in Check Point Security Gateways (CVE-2024-24919)

What is Check Point CVE-2024-24919? CVE-2024-24919 is an information disclosure vulnerability that could enable an attacker to access sensitive information on internet-connected Gateways configured wi...

FortiToken Cloud(FTC) Makes Security Easier Than Ever

Why FortiToken Cloud? Many of today’s most damaging security breaches result from compromised user accounts and passwords. To address this issue, businesses of all sizes are seeking alternatives to pa...

FortiToken Cloud New Features

Many of today’s most damaging security breaches result from compromised user accounts and passwords. To address this issue, businesses of all sizes are seeking alternatives to password-only authentica...

Azure Virtual WAN Security Extends to Internet-Inbound Traffic with FortiGate VM

Last year we launched a network security solution in the Azure Marketplace that protects both east-west and north-south traffic as it passes through Azure Virtual WAN (vWAN). This security is provided...

How FortiSOAR Enhances Governance Across All Phases of NIST XFC (NIST IR 8473)

The rapid growth of electric vehicles (EVs) and the corresponding need for extreme fast charging (XFC) infrastructure have highlighted the importance of robust cybersecurity measures. The NIST Cyberse...

FortiEDR's software and content update release process

In light of recent cybersecurity events, we would like to remind FortiEDR customers and partners about our software and content update release process, as well as our overarching release strategy. The...

Addressing the XXE Vulnerability in Ivanti Connect Secure and Ivanti Policy Secure (CVE-2024-22024)

What is CVE-2024-22024? CVE-2024-22024 represents a critical XML External Entity (XXE) vulnerability identified in the SAML (Security Assertion Markup Language) components of Ivanti Connect Secure and...

Ensuring a Smooth Transition: FortiWeb Cloud Support for Upcoming Let's Encrypt Updates

Introduction With the latest updates to the Let's Encrypt CA certificate, our goal is to ensure minimal disruption to your operations. Let's Encrypt, a highly trusted Certificate Authority (CA) known ...

FortiWeb Security Advisory: Critical SQL Injection Vulnerability in LayerSlider WordPress Plugin

What is CVE-2024-2879? CVE-2024-2879 is a critical security vulnerability identified in the LayerSlider plugin for WordPress, impacting versions 7.9.11 and 7.10.0. This vulnerability centers around an...

Critical Vulnerability CVE-2024-1709 in ConnectWise ScreenConnect

Critical Vulnerability CVE-2024-1709 in ConnectWise ScreenConnect What is CVE-2024-1709? CVE-2024-1709 is a critical security vulnerability found in ConnectWise ScreenConnect, impacting versions up to...