Total
31 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7731 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | |||||
| CVE-2017-7343 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | |||||
| CVE-2017-7342 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button | |||||
| CVE-2017-7340 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality. | |||||
| CVE-2017-7339 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. | |||||
| CVE-2017-7338 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. | |||||
| CVE-2017-7337 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request. | |||||
| CVE-2024-21759 | 1 Fortinet | 1 Fortiportal | 2024-09-09 | N/A | 4.3 MEDIUM |
| An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests. | |||||
| CVE-2024-23105 | 1 Fortinet | 1 Fortiportal | 2024-05-23 | N/A | 7.5 HIGH |
| A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets. | |||||
| CVE-2024-21761 | 1 Fortinet | 1 Fortiportal | 2024-03-21 | N/A | 4.3 MEDIUM |
| An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload. | |||||
| CVE-2023-41842 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Bigdata, Fortimanager and 1 more | 2024-03-21 | N/A | 6.7 MEDIUM |
| A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments. | |||||
| CVE-2023-48783 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | N/A | 5.4 MEDIUM |
| An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests. | |||||
| CVE-2023-46712 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | N/A | 8.8 HIGH |
| A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests. | |||||
| CVE-2023-48791 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | N/A | 8.8 HIGH |
| An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field. | |||||
| CVE-2022-41336 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | N/A | 4.8 MEDIUM |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with specially crafted columnindex parameter. | |||||
| CVE-2022-27490 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortiportal and 1 more | 2024-02-28 | N/A | 6.5 MEDIUM |
| A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands. | |||||
| CVE-2022-43954 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | N/A | 6.5 MEDIUM |
| An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page. | |||||
| CVE-2021-26104 | 1 Fortinet | 3 Fortianalyzer, Fortimanager, Fortiportal | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters. | |||||
| CVE-2021-36171 | 1 Fortinet | 1 Fortiportal | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame. | |||||
| CVE-2021-42757 | 1 Fortinet | 13 Fortiadc, Fortianalyzer, Fortimail and 10 more | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. | |||||