CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2021-26104
https://notcve.org/view.php?id=CVE-2021-26104
06 Apr 2022 — Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters. Múltiples vulnerabilidades ... • https://fortiguard.com/advisory/FG-IR-21-037 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2021-36171
https://notcve.org/view.php?id=CVE-2021-36171
01 Mar 2022 — The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame. El uso de un generador de números pseudoaleatorios criptográficamente débil en la funcionalidad password reset de FortiPortal versiones anteriores a 6.0.6, puede permitir a un atacante remoto no autenticado predecir partes o la totalidad de la contraseña rec... • https://fortiguard.com/psirt/FG-IR-21-099 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-36168
https://notcve.org/view.php?id=CVE-2021-36168
04 Aug 2021 — A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values. Una limitación inapropiada de un nombre de ruta a un directorio restringido ("Salto de Ruta") en Fortinet FortiPortal versiones 6.x anteriores a 6.0.5, FortiPortal versiones 5.3.x anteriores a 5.3.6 y cualquier F... • https://fortiguard.com/advisory/FG-IR-21-085 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.9EPSS: 0%CPEs: 9EXPL: 0CVE-2021-32590
https://notcve.org/view.php?id=CVE-2021-32590
04 Aug 2021 — Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests. Múltiples vulnerabilidades de neutralización inapropiada de elementos especiales usados en un comando SQL en FortiPortal versiones 6.0.0 hasta 6.0.4, versiones 5.3.0 ... • https://fortiguard.com/advisory/FG-IR-21-084 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7342
https://notcve.org/view.php?id=CVE-2017-7342
25 Mar 2019 — A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button Una vulnerabilidad de debilidad del proceso de recuperación de contraseña en Fortinet FortiPortal en su versión 4.0.0 y anteriores permite que atacantes remotos ejecuten código o comandos sin autorización mediante un botón ‘‘Close’’ oculto. • https://fortiguard.com/psirt/FG-IR-17-114 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7340
https://notcve.org/view.php?id=CVE-2017-7340
25 Mar 2019 — A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality. Una vulnerabilidad Cross-Site Scripting en Fortinet FortiPortal en su versión 4.0.0 y anteriores permite que atacantes remotos ejecuten código o comandos sin autorización mediante el parámetro applicationSearch en la funcionalidad FortiView. • https://fortiguard.com/psirt/FG-IR-17-114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7337
https://notcve.org/view.php?id=CVE-2017-7337
26 May 2017 — An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request. Una vulnerabilidad de Control de Acceso inapropiada en FortiPortal versiones 4.0.0 y anteriores de Fortinet, permite a un atacante interactuar con VDOMs no autorizados o enumerar otros ADOM por medio de una ses... • https://fortiguard.com/psirt/FG-IR-17-114 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7338
https://notcve.org/view.php?id=CVE-2017-7338
26 May 2017 — A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. Existe una vulnerabilidad en el manejo de contraseñas en Fortinet FortiPortal en versiones anteriores a la 4.0.0 que permite a los atacantes divulgar información mediante FortiAnalyzer Management View. • https://fortiguard.com/psirt/FG-IR-17-114 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7339
https://notcve.org/view.php?id=CVE-2017-7339
26 May 2017 — A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. Una vulnerabilidad de tipo Cross-Site Scripting en FortiPortal versiones 4.0.0 y anteriores de Fortinet, permite a un atacante ejecutar código o comandos no autorizados por medio de las entradas "Name" y "Description" en la funcionalidad "Add Revision Backup". • https://fortiguard.com/psirt/FG-IR-17-114 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7343
https://notcve.org/view.php?id=CVE-2017-7343
26 May 2017 — An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. Una vulnerabilidad de redirección abierta en Fortigate FortiPortal 4.0.0 y posterior permite al atacante ejecutar código no autorizado o comandos a través del parámetro url. • https://fortiguard.com/psirt/FG-IR-17-114 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •