Fortinet

Fortiweb

107 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
2.7

CVE-2024-55593

  • EPSS 0.09%
  • Published 14.01.2025 14:15:34
  • Last modified 03.02.2025 22:06:19

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries

9.1

CVE-2024-48884

  • EPSS 0.54%
  • Published 14.01.2025 14:15:32
  • Last modified 08.08.2025 16:00:27

A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0...

6.7

CVE-2024-21758

  • EPSS 0.02%
  • Published 14.01.2025 14:15:28
  • Last modified 24.07.2025 19:59:23

A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack prote...

4.4

CVE-2024-36509

  • EPSS 0.03%
  • Published 12.11.2024 19:15:10
  • Last modified 14.11.2024 20:33:44

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authen...

4.8

CVE-2024-33509

  • EPSS 0.15%
  • Published 09.07.2024 16:15:05
  • Last modified 21.11.2024 09:17:02

An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tam...

8.8

CVE-2024-23665

  • EPSS 0.2%
  • Published 03.06.2024 10:15:12
  • Last modified 17.12.2024 16:43:37

Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unautho...

5.5

CVE-2024-23107

  • EPSS 0.13%
  • Published 03.06.2024 08:15:08
  • Last modified 17.12.2024 16:51:35

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, 6.3 all versions may allow an authenticated attacker to read password hashes of other a...

5.3

CVE-2023-46713

  • EPSS 0.15%
  • Published 13.12.2023 07:15:24
  • Last modified 21.11.2024 08:29:08

An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.

8.8

CVE-2023-34984

  • EPSS 0.48%
  • Published 13.09.2023 13:15:08
  • Last modified 21.11.2024 08:07:46

A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.

7.2

CVE-2023-23777

  • EPSS 0.31%
  • Published 11.07.2023 09:15:09
  • Last modified 21.11.2024 07:46:48

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary ...