CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-43951
https://notcve.org/view.php?id=CVE-2022-43951
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests. • https://fortiguard.com/psirt/FG-IR-22-409 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2022-40675
https://notcve.org/view.php?id=CVE-2022-40675
Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. • https://fortiguard.com/psirt/FG-IR-22-312 • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-39954
https://notcve.org/view.php?id=CVE-2022-39954
An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. • https://fortiguard.com/psirt/FG-IR-22-304 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-38375
https://notcve.org/view.php?id=CVE-2022-38375
An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. • https://fortiguard.com/psirt/FG-IR-22-329 • CWE-285: Improper Authorization •