Fortinet

Fortiweb

107 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2021-36191

  • EPSS 0.08%
  • Veröffentlicht 08.12.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:13:17

A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to use the device as proxy via crafted GET parameters in requests to error handlers

7.5

CVE-2021-41014

  • EPSS 0.41%
  • Veröffentlicht 08.12.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:25:15

A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets

6.1

CVE-2021-41015

  • EPSS 0.47%
  • Veröffentlicht 08.12.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:25:15

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login han...

5.3

CVE-2021-32591

  • EPSS 0.17%
  • Veröffentlicht 08.12.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:07:20

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession ...

8.8

CVE-2021-36180

  • EPSS 0.52%
  • Veröffentlicht 08.12.2021 11:15:11
  • Zuletzt bearbeitet 21.11.2024 06:13:16

Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or co...

6.7

CVE-2021-42757

  • EPSS 0.08%
  • Veröffentlicht 08.12.2021 11:15:11
  • Zuletzt bearbeitet 21.11.2024 06:28:06

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

7.5

CVE-2021-36187

  • EPSS 0.6%
  • Veröffentlicht 02.11.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:13:16

A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to cause a denial of service for webserver daemon via crafted HTTP requests

9.8

CVE-2021-36186

  • EPSS 0.43%
  • Veröffentlicht 02.11.2021 19:15:07
  • Zuletzt bearbeitet 21.11.2024 06:13:16

A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests

5.4

CVE-2021-36175

  • EPSS 0.19%
  • Veröffentlicht 06.10.2021 10:15:07
  • Zuletzt bearbeitet 21.11.2024 06:13:15

An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various s...

8.8

CVE-2021-36179

  • EPSS 0.43%
  • Veröffentlicht 08.09.2021 11:15:07
  • Zuletzt bearbeitet 21.11.2024 06:13:15

A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code or commands via crafted parameters in CLI command execution