CVSS: 4.7EPSS: 0%CPEs: 99EXPL: 0CVE-2022-23439
https://notcve.org/view.php?id=CVE-2022-23439
22 Jan 2025 — A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.... • https://fortiguard.com/psirt/FG-IR-21-254 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-50180
https://notcve.org/view.php?id=CVE-2023-50180
14 May 2024 — An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins. Una exposición de información confidencial del sistema a una vulnerabilidad de esfera de control no autorizada [CWE-497] en FortiADC versión 7.4.1 e inferior, versión 7.2.3 e inferior, versión 7.1.4 e infe... • https://fortiguard.com/psirt/FG-IR-23-433 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-35849
https://notcve.org/view.php?id=CVE-2022-35849
13 Sep 2023 — An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. Una vulnerabilidad de neutralización inadecuada de elementos especiales utilizados en un comando de sistema operativo [CWE-78] en la interfaz de administración de FortiA... • https://fortiguard.com/psirt/FG-IR-22-310 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-40679
https://notcve.org/view.php?id=CVE-2022-40679
11 Apr 2023 — An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized command... • https://fortiguard.com/psirt/FG-IR-22-335 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-27482
https://notcve.org/view.php?id=CVE-2022-27482
16 Feb 2023 — A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands. A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary she... • https://fortiguard.com/psirt/FG-IR-22-046 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-38381
https://notcve.org/view.php?id=CVE-2022-38381
02 Nov 2022 — An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request. Existe un manejo inadecuado de la vulnerabilidad de solicitud con formato incorrecto [CWE-228] en FortiADC 5.0 todas las versiones, 6.0.0 toda... • https://fortiguard.com/psirt/FG-IR-22-234 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-27484
https://notcve.org/view.php?id=CVE-2022-27484
03 Aug 2022 — A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request. Un cambio de contraseña no verificado en Fortinet FortiADC versiones 6.2.0 hasta 6.2.3, 6.1.x, 6.0.x, 5.x.x, permite a un atacante autenticado omitir la comprobación de la contraseña antigua en el formulario de cambio de contraseña por medio de una petición HTTP diseñada • https://fortiguard.com/psirt/FG-IR-22-055 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-26120
https://notcve.org/view.php?id=CVE-2022-26120
18 Jul 2022 — Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. Múltiples vulnerabilidades de neutralización inapropiada de elementos especiales usados en un comando SQL ("Inyección SQL") [CWE-89] en la interfaz de administración de FortiADC versiones 7.0.0 hasta 7.... • https://fortiguard.com/psirt/FG-IR-22-051 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 22EXPL: 0CVE-2021-32591
https://notcve.org/view.php?id=CVE-2021-32591
08 Dec 2021 — A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets. Una vulnerabilidad de pasos criptográficos faltantes en la función que cifra las credenciales LDAP y RADIUS de los usuarios en FortiSandbox versiones anteriores a 4.0.1, FortiWeb v... • https://fortiguard.com/advisory/FG-IR-20-222 •
CVSS: 6.7EPSS: 0%CPEs: 30EXPL: 0CVE-2021-42757
https://notcve.org/view.php?id=CVE-2021-42757
08 Dec 2021 — A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. Un desbordamiento de búfer [CWE-121] en la biblioteca del cliente TFTP de FortiOS versiones anteriores a 6.4.7 y FortiOS versiones 7.0.0 hasta 7.0.2, puede permitir a un atacante local autenticado lograr una ejecución de código arbitrario por medio de argumentos de línea de c... • https://fortiguard.com/advisory/FG-IR-21-173 • CWE-787: Out-of-bounds Write •