Filtered by vendor Fortinet
Subscriptions
Filtered by product Fortiportal
Subscriptions
Total
38 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52967 | 1 Fortinet | 1 Fortiportal | 2025-02-03 | 3.3 Low |
| An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection. | ||||
| CVE-2021-32589 | 1 Fortinet | 3 Fortianalyzer, Fortimanager, Fortiportal | 2025-01-31 | 7.7 High |
| A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device. | ||||
| CVE-2024-35278 | 1 Fortinet | 1 Fortiportal | 2025-01-31 | 4.1 Medium |
| A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request. | ||||
| CVE-2023-48789 | 1 Fortinet | 1 Fortiportal | 2025-01-02 | 4.1 Medium |
| A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP requests. | ||||
| CVE-2023-47543 | 1 Fortinet | 1 Fortiportal | 2025-01-02 | 5.1 Medium |
| An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests. | ||||
| CVE-2024-31495 | 1 Fortinet | 1 Fortiportal | 2025-01-02 | 3.9 Low |
| A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality. | ||||
| CVE-2024-26011 | 1 Fortinet | 6 Fortimanager, Fortios, Fortipam and 3 more | 2024-12-12 | 5.2 Medium |
| A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets. | ||||
| CVE-2023-48791 | 1 Fortinet | 1 Fortiportal | 2024-12-02 | 7.9 High |
| An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field. | ||||
| CVE-2024-23105 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 7.1 High |
| A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attack to bypass IP protection through crafted HTTP or HTTPS packets. | ||||
| CVE-2024-21761 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 3.9 Low |
| An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload. | ||||
| CVE-2024-21759 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 3.9 Low |
| An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests. | ||||
| CVE-2023-48783 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 4.9 Medium |
| An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests. | ||||
| CVE-2023-46712 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 6.3 Medium |
| A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests. | ||||
| CVE-2023-41842 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Bigdata, Fortimanager and 1 more | 2024-11-21 | 6.3 Medium |
| A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments. | ||||
| CVE-2022-43954 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 4.1 Medium |
| An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page. | ||||
| CVE-2022-41336 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 6.6 Medium |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with specially crafted columnindex parameter. | ||||
| CVE-2022-27490 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortiportal and 1 more | 2024-11-21 | 5.1 Medium |
| A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands. | ||||
| CVE-2021-42757 | 1 Fortinet | 13 Fortiadc, Fortianalyzer, Fortimail and 10 more | 2024-11-21 | 6.7 Medium |
| A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. | ||||
| CVE-2021-36181 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 3.1 Low |
| A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific coordination of web requests. | ||||
| CVE-2021-36176 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 6.1 Medium |
| Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests. | ||||