CVE-2023-42783
https://notcve.org/view.php?id=CVE-2023-42783
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows an attacker to read arbitrary files via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-23-143 • CWE-23: Relative Path Traversal
CVE-2023-44256
https://notcve.org/view.php?id=CVE-2023-44256
A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request. • https://fortiguard.com/psirt/FG-IR-19-039 • https://github.com/orangecertcc/security-research/security/advisories/GHSA-2hc5-p5mc-8vrh • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2023-41836
https://notcve.org/view.php?id=CVE-2023-41836
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-23-215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41843
https://notcve.org/view.php?id=CVE-2023-41843
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-23-273 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41680
https://notcve.org/view.php?id=CVE-2023-41680
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-23-311 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')