CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42469
https://notcve.org/view.php?id=CVE-2022-42469
A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal. • https://fortiguard.com/psirt/FG-IR-22-381 • CWE-183: Permissive List of Allowed Inputs •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-22642
https://notcve.org/view.php?id=CVE-2023-22642
An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources. • https://fortiguard.com/psirt/FG-IR-22-502 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27485
https://notcve.org/view.php?id=CVE-2022-27485
A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request. • https://fortiguard.com/psirt/FG-IR-22-060 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-43947
https://notcve.org/view.php?id=CVE-2022-43947
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions. • https://fortiguard.com/psirt/FG-IR-22-444 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-27487
https://notcve.org/view.php?id=CVE-2022-27487
A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests. • https://fortiguard.com/psirt/FG-IR-22-056 • CWE-269: Improper Privilege Management •