CVE-2022-33874
- EPSS 1.6%
- Published 18.10.2022 15:15:09
- Last modified 21.11.2024 07:08:30
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated r...
CVE-2022-35844
- EPSS 0.26%
- Published 18.10.2022 14:15:09
- Last modified 21.11.2024 07:11:48
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an authenticated attacker to execute unauth...
CVE-2022-35846
- EPSS 0.38%
- Published 18.10.2022 14:15:09
- Last modified 21.11.2024 07:11:48
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiTester Telnet port 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow an unauthenticated attacker to guess the credentials of an admin u...
CVE-2020-12815
- EPSS 0.18%
- Published 24.09.2020 18:15:16
- Last modified 21.11.2024 05:00:19
An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script-related HTML tags via IPv4/IPv6 address fields.
CVE-2020-12817
- EPSS 0.25%
- Published 24.09.2020 15:15:13
- Last modified 21.11.2024 05:00:20
An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script-related HTML tags via the Name parameter of Storage Connectors.