Fortinet

Fortiweb

111 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2023-23778

  • EPSS 0.21%
  • Veröffentlicht 16.02.2023 19:15:14
  • Zuletzt bearbeitet 21.11.2024 07:46:48

A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web re...

8.8

CVE-2023-23779

  • EPSS 0.16%
  • Veröffentlicht 16.02.2023 19:15:14
  • Zuletzt bearbeitet 21.11.2024 07:46:48

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execut...

8.8

CVE-2023-23780

  • EPSS 0.65%
  • Veröffentlicht 16.02.2023 19:15:14
  • Zuletzt bearbeitet 21.11.2024 07:46:49

A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of privilege via specifically crafted HTTP requests.

8.8

CVE-2023-23781

  • EPSS 0.3%
  • Veröffentlicht 16.02.2023 19:15:14
  • Zuletzt bearbeitet 21.11.2024 07:46:49

A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically c...

7.8

CVE-2023-23782

  • EPSS 0.1%
  • Veröffentlicht 16.02.2023 19:15:14
  • Zuletzt bearbeitet 21.11.2024 07:46:49

A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows attacker to escalation of privilege via speci...

7.8

CVE-2023-23783

  • EPSS 0.05%
  • Veröffentlicht 16.02.2023 19:15:14
  • Zuletzt bearbeitet 21.11.2024 07:46:49

A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments.

6.5

CVE-2023-23784

  • EPSS 0.21%
  • Veröffentlicht 16.02.2023 19:15:14
  • Zuletzt bearbeitet 21.11.2024 07:46:49

A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to information disclosure via specially crafted web requests.

7.8

CVE-2023-25602

  • EPSS 0.1%
  • Veröffentlicht 16.02.2023 19:15:14
  • Zuletzt bearbeitet 21.11.2024 07:49:48

A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earl...

7.8

CVE-2022-40683

  • EPSS 0.08%
  • Veröffentlicht 16.02.2023 19:15:13
  • Zuletzt bearbeitet 21.11.2024 07:21:51

A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allows attacker to execute unauthorized code or commands via specially crafted commands

4.3

CVE-2022-30299

  • EPSS 0.39%
  • Veröffentlicht 16.02.2023 19:15:12
  • Zuletzt bearbeitet 21.11.2024 07:02:31

A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files f...