cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-27487,https://securityvulnerability.io/vulnerability/CVE-2022-27487,Improper Privilege Management in Fortinet FortiSandbox and FortiDeceptor,"The vulnerability identified in Fortinet's FortiSandbox and FortiDeceptor products exposes them to the risk of unauthorized API calls. Remote authenticated attackers can exploit this weakness by sending carefully crafted HTTP or HTTPS requests. This flaw could lead to significant security concerns, as it undermines the integrity of the permission mechanisms, potentially allowing unauthorized actions within the affected systems.",Fortinet,"Fortideceptor,Fortisandbox",8.3,HIGH,0.002240000059828162,false,false,false,false,,false,false,2023-04-11T16:06:58.797Z,0
CVE-2023-26209,https://securityvulnerability.io/vulnerability/CVE-2023-26209,,An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.,Fortinet,Fortideceptor,3.5,LOW,0.0014299999456852674,false,false,false,false,,false,false,2023-03-09T15:15:00.000Z,0
CVE-2022-30305,https://securityvulnerability.io/vulnerability/CVE-2022-30305,,"An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2, 3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.",Fortinet,"Fortisandbox,Fortideceptor",3.6,LOW,0.0014299999456852674,false,false,false,false,,false,false,2022-12-06T16:00:54.500Z,0
CVE-2022-38373,https://securityvulnerability.io/vulnerability/CVE-2022-38373,,"An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID.",Fortinet,Fortinet Fortideceptor,8,HIGH,0.000539999979082495,false,false,false,false,,false,false,2022-11-02T00:00:00.000Z,0
CVE-2022-30302,https://securityvulnerability.io/vulnerability/CVE-2022-30302,,"Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests.",Fortinet,Fortinet Fortideceptor,6.5,MEDIUM,0.0007999999797903001,false,false,false,false,,false,false,2022-07-19T14:15:00.000Z,0
CVE-2020-29017,https://securityvulnerability.io/vulnerability/CVE-2020-29017,,"An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.",Fortinet,Fortinet Fortideceptor,8.8,HIGH,0.002400000113993883,false,false,false,false,,false,false,2021-01-14T16:03:12.000Z,0
CVE-2020-6644,https://securityvulnerability.io/vulnerability/CVE-2020-6644,,"An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.",Fortinet,Fortinet Fortideceptor,8.1,HIGH,0.002219999907538295,false,false,false,false,,false,false,2020-06-22T15:23:43.000Z,0