Filtered by vendor Fortinet
Subscriptions
Filtered by product Fortiportal
Subscriptions
Total
32 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-21759 | 1 Fortinet | 1 Fortiportal | 2024-09-09 | 3.9 Low |
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests. | ||||
CVE-2023-41842 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Bigdata, Fortimanager and 1 more | 2024-08-12 | 6.3 Medium |
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments. | ||||
CVE-2024-21761 | 1 Fortinet | 1 Fortiportal | 2024-08-12 | 3.9 Low |
An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload. | ||||
CVE-2017-7731 | 1 Fortinet | 1 Fortiportal | 2024-08-05 | N/A |
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature. | ||||
CVE-2017-7337 | 1 Fortinet | 1 Fortiportal | 2024-08-05 | N/A |
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request. | ||||
CVE-2017-7342 | 1 Fortinet | 1 Fortiportal | 2024-08-05 | N/A |
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button | ||||
CVE-2017-7339 | 1 Fortinet | 1 Fortiportal | 2024-08-05 | N/A |
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality. | ||||
CVE-2017-7340 | 1 Fortinet | 1 Fortiportal | 2024-08-05 | N/A |
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality. | ||||
CVE-2017-7343 | 1 Fortinet | 1 Fortiportal | 2024-08-05 | N/A |
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | ||||
CVE-2017-7338 | 1 Fortinet | 1 Fortiportal | 2024-08-05 | N/A |
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View. | ||||
CVE-2021-42757 | 1 Fortinet | 13 Fortiadc, Fortianalyzer, Fortimail and 10 more | 2024-08-04 | 6.7 Medium |
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. | ||||
CVE-2021-36176 | 1 Fortinet | 1 Fortiportal | 2024-08-04 | 6.1 Medium |
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests. | ||||
CVE-2021-36172 | 1 Fortinet | 1 Fortiportal | 2024-08-04 | 4.3 Medium |
An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents. | ||||
CVE-2021-36181 | 1 Fortinet | 1 Fortiportal | 2024-08-04 | 3.1 Low |
A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific coordination of web requests. | ||||
CVE-2021-36171 | 1 Fortinet | 1 Fortiportal | 2024-08-04 | 8.1 High |
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame. | ||||
CVE-2021-36168 | 1 Fortinet | 1 Fortiportal | 2024-08-04 | 6.5 Medium |
A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values. | ||||
CVE-2021-36174 | 1 Fortinet | 1 Fortiportal | 2024-08-04 | 4.3 Medium |
A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs. | ||||
CVE-2021-32602 | 1 Fortinet | 1 Fortiportal | 2024-08-03 | 5.8 Medium |
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI 6.0.4 and below, 5.3.6 and below, 5.2.6 and below, 5.1.2 and below, 5.0.3 and below, 4.2.2 and below, 4.1.2 and below, 4.0.4 and below may allow a remote and unauthenticated attacker to perform an XSS attack via sending a crafted request with an invalid lang parameter or with an invalid org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE value. | ||||
CVE-2021-32596 | 1 Fortinet | 1 Fortiportal | 2024-08-03 | 6 Medium |
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables. | ||||
CVE-2021-32595 | 1 Fortinet | 1 Fortiportal | 2024-08-03 | 6.5 Medium |
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests. |