Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Resolved issues

The following issues have been resolved in FortiADC 7.0.2 release. For inquiries about particular bugs, please contact Fortinet Customer Service & Support.

Bug ID

Description

0808086 FortiADC is not sending some requests to the backend server when the WAF profile is assigned to the virtual server.
0806865 False positives triggered in DOS HTTP request flood protection due to inaccurate request count caused by timer being too busy.
0805652 Cannot revert preconfigured Automation Stitch to default settings once it has been modified.

0805421

L4 FTP restricted to port 21.

0805167 User access issue on VDOM permission due to REST API return error.
0804961 Incorrect behavior in automation Email actions.
0804489 L7 Virtual Server accepts only one SSH session.
0795719 GSLB Cloud Connector and CLI commands not working.
0795569 Httproxy crash resulting in HA disconnection.
0794998 Insecure MAC algorithms in use: umac-64.
0793892 DNS cannot resolve when there are many addresses for one FQDN.
0792981 In HA cluster, management interface is unstable after upgrade from FortiADC 6.2.1 to 6.2.2.
0786198 Two members of the HA cluster unexpectedly reboot at the same time.
0726385 Sync-list auth fail for FortiADC in Azure.
Common Vulnerabilities and Exposures

For more information, visit https://www.fortiguard.com/psirt.

Bug ID Description
0797218/0790808/0790807 FortiADC 7.0.2 is no longer vulnerable to the following CVE-Reference: CWE-78: Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection").

0791753

FortiADC 7.0.2 is no longer vulnerable to the following CVE-Reference: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection").

0775523

FortiADC 7.0.2 is no longer vulnerable to the following CVE-Reference: CWE-610: Externally Controlled Reference to a Resource in Another Sphere.

Resolved issues

The following issues have been resolved in FortiADC 7.0.2 release. For inquiries about particular bugs, please contact Fortinet Customer Service & Support.

Bug ID

Description

0808086 FortiADC is not sending some requests to the backend server when the WAF profile is assigned to the virtual server.
0806865 False positives triggered in DOS HTTP request flood protection due to inaccurate request count caused by timer being too busy.
0805652 Cannot revert preconfigured Automation Stitch to default settings once it has been modified.

0805421

L4 FTP restricted to port 21.

0805167 User access issue on VDOM permission due to REST API return error.
0804961 Incorrect behavior in automation Email actions.
0804489 L7 Virtual Server accepts only one SSH session.
0795719 GSLB Cloud Connector and CLI commands not working.
0795569 Httproxy crash resulting in HA disconnection.
0794998 Insecure MAC algorithms in use: umac-64.
0793892 DNS cannot resolve when there are many addresses for one FQDN.
0792981 In HA cluster, management interface is unstable after upgrade from FortiADC 6.2.1 to 6.2.2.
0786198 Two members of the HA cluster unexpectedly reboot at the same time.
0726385 Sync-list auth fail for FortiADC in Azure.
Common Vulnerabilities and Exposures

For more information, visit https://www.fortiguard.com/psirt.

Bug ID Description
0797218/0790808/0790807 FortiADC 7.0.2 is no longer vulnerable to the following CVE-Reference: CWE-78: Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection").

0791753

FortiADC 7.0.2 is no longer vulnerable to the following CVE-Reference: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection").

0775523

FortiADC 7.0.2 is no longer vulnerable to the following CVE-Reference: CWE-610: Externally Controlled Reference to a Resource in Another Sphere.