Total
31 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-36168 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values. | |||||
CVE-2021-32594 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of specifically crafted files. | |||||
CVE-2021-32596 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables. | |||||
CVE-2021-32590 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests. | |||||
CVE-2017-7342 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button | |||||
CVE-2017-7340 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality. | |||||
CVE-2017-7338 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. | |||||
CVE-2017-7337 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request. | |||||
CVE-2017-7339 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. | |||||
CVE-2017-7343 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | |||||
CVE-2017-7731 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. |