Fortinet

Fortideceptor

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2024-35280

  • EPSS 0.2%
  • Veröffentlicht 15.01.2025 11:15:09
  • Zuletzt bearbeitet 04.02.2026 14:16:07

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions,...

4.3

CVE-2024-45326

  • EPSS 0.1%
  • Veröffentlicht 14.01.2025 14:15:31
  • Zuletzt bearbeitet 04.02.2026 14:16:08

An Improper Access Control vulnerability [CWE-284] vulnerability in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an authenticate...

8.8

CVE-2022-27487

  • EPSS 0.97%
  • Veröffentlicht 11.04.2023 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:55:49

A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unautho...

5.3

CVE-2023-26209

  • EPSS 7.27%
  • Veröffentlicht 09.03.2023 15:15:09
  • Zuletzt bearbeitet 21.11.2024 07:50:55

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the log...

7.5

CVE-2022-30305

  • EPSS 0.22%
  • Veröffentlicht 06.12.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 07:02:32

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 thro...

5.4

CVE-2022-38373

  • EPSS 0.84%
  • Veröffentlicht 02.11.2022 12:15:54
  • Zuletzt bearbeitet 21.11.2024 07:16:20

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending r...

8.1

CVE-2022-30302

  • EPSS 0.46%
  • Veröffentlicht 19.07.2022 14:15:08
  • Zuletzt bearbeitet 21.11.2024 07:02:31

Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from th...

9

CVE-2020-29017

  • EPSS 5.55%
  • Veröffentlicht 14.01.2021 16:15:18
  • Zuletzt bearbeitet 21.11.2024 05:23:30

An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.

8.1

CVE-2020-6644

  • EPSS 0.41%
  • Veröffentlicht 22.06.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:36:05

An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical...