26 results (0.011 seconds)

CVSS: 3.7EPSS: 0%CPEs: 7EXPL: 0

An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature Una verificación de seguridad implementada incorrectamente para la vulnerabilidad estándar [CWE-358] en FortiADC Web Application Firewall (WAF) 7.4.0 a 7.4.4, 7.2 todas las versiones, 7.1 todas las versiones, 7.0 todas las versiones, 6.2 todas las versiones, 6.1 todas las versiones, 6.0 todas las versiones cuando la política de seguridad de cookies está habilitada puede permitir que un atacante, bajo condiciones específicas, recupere la cookie inicial cifrada y firmada protegida por la función. • https://fortiguard.fortinet.com/psirt/FG-IR-22-256 • CWE-358: Improperly Implemented Security Check for Standard •

CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0

An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud. • https://fortiguard.fortinet.com/psirt/FG-IR-22-298 • CWE-295: Improper Certificate Validation •

CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0

An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-469 • CWE-284: Improper Access Control •

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and below, version 6.2.6 and below may allow a read-only admin to view data pertaining to other admins. Una exposición de información confidencial del sistema a una vulnerabilidad de esfera de control no autorizada [CWE-497] en FortiADC versión 7.4.1 e inferior, versión 7.2.3 e inferior, versión 7.1.4 e inferior, versión 7.0.5 e inferior, versión 6.2. 6 y siguientes pueden permitir que un administrador de solo lectura vea datos pertenecientes a otros administradores. • https://fortiguard.com/psirt/FG-IR-23-433 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0

An improper authorization vulnerability [CWE-285] in Fortinet FortiADC version 7.4.0 and before 7.2.2 may allow a low privileged user to read or backup the full system configuration via HTTP or HTTPS requests. Una vulnerabilidad de autorización inadecuada [CWE-285] en Fortinet FortiADC versión 7.4.0 y anteriores a 7.2.2 puede permitir que un usuario con pocos privilegios lea o haga una copia de seguridad de la configuración completa del sistema a través de solicitudes HTTP o HTTPS. • https://fortiguard.com/psirt/FG-IR-23-270 • CWE-285: Improper Authorization •