Page 6 of 85 results (0.001 seconds)

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session. • https://fortiguard.com/psirt/FG-IR-21-214 • CWE-384: Session Fixation •

CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0

A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially crafted web requests. • https://fortiguard.com/psirt/FG-IR-22-146 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter. • https://fortiguard.com/psirt/FG-IR-21-126 • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests. • https://fortiguard.com/psirt/FG-IR-22-136 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as `root` user via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-163 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •