CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-27490
https://notcve.org/view.php?id=CVE-2022-27490
07 Mar 2023 — A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands. • https://fortiguard.com/psirt/FG-IR-18-232 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-41336
https://notcve.org/view.php?id=CVE-2022-41336
03 Jan 2023 — An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with specially crafted columnindex parameter. • https://fortiguard.com/psirt/FG-IR-22-313 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 9EXPL: 1CVE-2021-26104
https://notcve.org/view.php?id=CVE-2021-26104
06 Apr 2022 — Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters. Múltiples vulnerabilidades ... • https://fortiguard.com/advisory/FG-IR-21-037 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-36171
https://notcve.org/view.php?id=CVE-2021-36171
01 Mar 2022 — The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame. El uso de un generador de números pseudoaleatorios criptográficamente débil en la funcionalidad password reset de FortiPortal versiones anteriores a 6.0.6, puede permitir a un atacante remoto no autenticado predecir partes o la totalidad de la contraseña rec... • https://fortiguard.com/psirt/FG-IR-21-099 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 6.7EPSS: 0%CPEs: 30EXPL: 0CVE-2021-42757
https://notcve.org/view.php?id=CVE-2021-42757
08 Dec 2021 — A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. Un desbordamiento de búfer [CWE-121] en la biblioteca del cliente TFTP de FortiOS versiones anteriores a 6.4.7 y FortiOS versiones 7.0.0 hasta 7.0.2, puede permitir a un atacante local autenticado lograr una ejecución de código arbitrario por medio de argumentos de línea de c... • https://fortiguard.com/advisory/FG-IR-21-173 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36174
https://notcve.org/view.php?id=CVE-2021-36174
02 Nov 2021 — A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs. Una vulnerabilidad de asignación de memoria con valor de tamaño excesivo en la función de verificación de licencias de FortiPortal versiones anteriores a 6.0.6, puede permitir a un atacante llevar a cabo un ataque de denegación de servicio por medio de blobs de licencia especialmente diseñ... • https://fortiguard.com/advisory/FG-IR-21-109 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36176
https://notcve.org/view.php?id=CVE-2021-36176
02 Nov 2021 — Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests. Múltiples vulnerabilidades de consumo de recursos no controlables en la interfaz web de FortiPortal versiones anteriores a 6.0.6, pueden permitir a un único usuario poco privilegiado inducir una denegación de servicio por medio de múltiples peticiones HTTP • https://fortiguard.com/advisory/FG-IR-21-100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32595
https://notcve.org/view.php?id=CVE-2021-32595
02 Nov 2021 — Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests. Múltiples vulnerabilidades de consumo de recursos no controlables en la interfaz web de FortiPortal versiones anteriores a 6.0.6, pueden permitir a un único usuario poco privilegiado inducir una denegación de servicio por medio de múltiples peticiones HTTP • https://fortiguard.com/advisory/FG-IR-21-096 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-36172
https://notcve.org/view.php?id=CVE-2021-36172
02 Nov 2021 — An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents. Una vulnerabilidad de restricción inapropiada de referencias a entidades externas XML en el analizador de respuestas XML de FortiPortal versiones anteriores a 6... • https://fortiguard.com/advisory/FG-IR-21-104 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36181
https://notcve.org/view.php?id=CVE-2021-36181
02 Nov 2021 — A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific coordination of web requests. Una ejecución concurrente usando un recurso compartido con una vulnerabilidad de sincronización inapropiada ("Condición de carrera") en la interfaz de la base de datos de clientes de For... • https://fortiguard.com/advisory/FG-IR-21-102 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •