CVE-2025-22254
- EPSS 0.05%
- Published 10.06.2025 16:36:17
- Last modified 22.07.2025 21:25:11
An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4....
CVE-2025-25254
- EPSS 0.14%
- Published 08.04.2025 14:15:32
- Last modified 22.07.2025 21:23:37
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, 7.2 all versions, 7.0 all versions endpoint may allow an authenticated admin to acc...
CVE-2024-46671
- EPSS 0.06%
- Published 08.04.2025 14:15:31
- Last modified 24.07.2025 19:57:38
An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin ...
CVE-2024-50565
- EPSS 0.05%
- Published 08.04.2025 14:15:31
- Last modified 25.07.2025 15:22:38
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15 and 6.2.0 through 6.2.16, Fortinet FortiPro...
CVE-2024-26013
- EPSS 0.06%
- Published 08.04.2025 14:15:30
- Last modified 25.07.2025 15:22:20
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15 and before 6.2.16, Fortinet FortiProxy vers...
CVE-2023-25610
- EPSS 25.03%
- Published 24.03.2025 15:39:48
- Last modified 24.07.2025 19:56:34
A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 t...
CVE-2024-55594
- EPSS 0.14%
- Published 14.03.2025 16:25:33
- Last modified 24.07.2025 20:14:38
An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows an attacker to execute unauthorized code or commands via HTTP/S crafted requests.
CVE-2022-29059
- EPSS 0.07%
- Published 14.03.2025 15:45:33
- Last modified 24.07.2025 20:01:42
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL comm...
CVE-2024-45324
- EPSS 0.06%
- Published 11.03.2025 14:54:33
- Last modified 24.07.2025 19:06:14
A use of externally-controlled format string vulnerability [CWE-134] in FortiOS version 7.4.0 through 7.4.4, version 7.2.0 through 7.2.9, version 7.0.0 through 7.0.15 and before 6.4.15, FortiProxy version 7.4.0 through 7.4.6, version 7.2.0 through 7....
CVE-2023-42784
- EPSS 0.12%
- Published 11.03.2025 14:54:28
- Last modified 22.07.2025 21:22:27
An improper handling of syntactically invalid structure in Fortinet FortiWeb at least versions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows an attacker to execute unauthorized code or commands via HTTP/S crafted requests.