CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-50178
https://notcve.org/view.php?id=CVE-2023-50178
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud. • https://fortiguard.fortinet.com/psirt/FG-IR-22-298 • CWE-295: Improper Certificate Validation •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0CVE-2023-50181
https://notcve.org/view.php?id=CVE-2023-50181
An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-469 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-23663
https://notcve.org/view.php?id=CVE-2024-23663
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request. • https://fortiguard.com/psirt/FG-IR-23-459 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-21759
https://notcve.org/view.php?id=CVE-2024-21759
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-011 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27782
https://notcve.org/view.php?id=CVE-2024-27782
Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-069 • CWE-613: Insufficient Session Expiration •