CVE-2024-48885
https://notcve.org/view.php?id=CVE-2024-48885
16 Jan 2025 — An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows an attacker to escalate privilege via specially crafted packets. • https://fortiguard.fortinet.com/psirt/FG-IR-24-259 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-55593
https://notcve.org/view.php?id=CVE-2024-55593
14 Jan 2025 — An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows an attacker to gain information disclosure via crafted SQL queries. • https://fortiguard.fortinet.com/psirt/FG-IR-24-465 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36509
https://notcve.org/view.php?id=CVE-2024-36509
12 Nov 2024 — An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the "Log Access Event" logs page. • https://fortiguard.fortinet.com/psirt/FG-IR-24-180 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere