Fortinet

Fortiportal

42 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

  • EPSS 0.04%
  • Published 10.06.2025 16:36:06
  • Last modified 22.07.2025 21:24:55

An authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized device information via key modification...

  • EPSS 0.04%
  • Published 28.05.2025 07:56:03
  • Last modified 04.06.2025 15:37:37

An insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.9 may allow an authenticated attacker with at least read-only admin permissions to view encrypted ...

  • EPSS 0.03%
  • Published 14.03.2025 15:02:47
  • Last modified 24.07.2025 18:48:26

An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server ma...

  • EPSS 0.21%
  • Published 11.02.2025 17:15:34
  • Last modified 22.07.2025 21:38:50

An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may allow a remote unauthenticated attacker to retrieve source code via crafted HTTP requests.

  • EPSS 0.09%
  • Published 14.01.2025 14:15:33
  • Last modified 03.02.2025 21:59:09

An improper neutralization of script-related HTML tags in a web page (basic XSS) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows an attacker to execute unauthorized code or commands via HTML injection.

  • EPSS 0.15%
  • Published 14.01.2025 14:15:30
  • Last modified 31.01.2025 17:09:31

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when s...

  • EPSS 7.88%
  • Published 19.12.2024 13:15:05
  • Last modified 31.01.2025 17:42:05

A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below ...

  • EPSS 0.05%
  • Published 12.11.2024 19:15:08
  • Last modified 12.12.2024 19:33:58

A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version...

  • EPSS 0.11%
  • Published 12.11.2024 19:15:07
  • Last modified 02.01.2025 18:29:53

An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with resources of other organizations via HTTP or HTTPS requests.

  • EPSS 0.16%
  • Published 09.07.2024 16:15:04
  • Last modified 21.11.2024 08:54:57

An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows an attacker to view unauthorized resources via HTTP or HTTPS requests.