Page 8 of 797 results (0.003 seconds)

CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0

An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud. • https://fortiguard.fortinet.com/psirt/FG-IR-22-298 • CWE-295: Improper Certificate Validation •

CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0

An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-469 • CWE-284: Improper Access Control •

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request. • https://fortiguard.com/psirt/FG-IR-23-459 • CWE-284: Improper Access Control •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-011 • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may allow an attacker to re-use stolen old session tokens to perform unauthorized operations via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-069 • CWE-613: Insufficient Session Expiration •