cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-26104,https://securityvulnerability.io/vulnerability/CVE-2021-26104,OS Command Injection Vulnerabilities in FortiManager and FortiAnalyzer,"Multiple vulnerabilities exist within the command line interface of FortiManager, FortiAnalyzer, and FortiPortal. These vulnerabilities allow a local authenticated and unprivileged user the ability to craft specific command line parameters, thereby executing arbitrary shell commands with root privileges. This issue can lead to significant security risks, including unauthorized access and potential system compromise.",Fortinet,"Fortinet Fortimanager, Fortianalyzer, Fortiportal",7.8,HIGH,0.010730000212788582,false,,false,false,false,,,false,false,,2022-04-06T16:00:20.000Z,0
CVE-2021-36171,https://securityvulnerability.io/vulnerability/CVE-2021-36171,Weak Random Number Generation in FortiPortal by Fortinet,"The password reset functionality in FortiPortal prior to version 6.0.6 utilizes a cryptographically weak pseudo-random number generator. This vulnerability allows a remote, unauthenticated attacker to potentially predict the newly generated password or portions of it within a short timeframe, thereby compromising user accounts and system integrity.",Fortinet,Fortinet Fortiportal,8.1,HIGH,0.0030300000216811895,false,,false,false,false,,,false,false,,2022-03-01T18:05:10.000Z,0
CVE-2021-36174,https://securityvulnerability.io/vulnerability/CVE-2021-36174,Memory Allocation Vulnerability in FortiPortal by Fortinet,"A vulnerability in the license verification function of FortiPortal prior to version 6.0.6 permits an attacker to exploit excessive memory allocation through specially crafted license blobs. This can facilitate a denial of service attack, potentially disrupting the availability of the FortiPortal service. Organizations using affected versions should apply recommended updates to mitigate possible exploitation.",Fortinet,Fortinet Fortiportal,4.3,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2021-11-02T18:15:44.000Z,0
CVE-2021-36176,https://securityvulnerability.io/vulnerability/CVE-2021-36176,Uncontrolled Resource Consumption Vulnerabilities in FortiPortal by Fortinet,"FortiPortal prior to version 6.0.6 contains multiple uncontrolled resource consumption vulnerabilities that can be exploited by a low-privileged user. By sending numerous HTTP requests, an attacker could induce a denial of service, affecting the availability of the FortiPortal web interface. This makes it crucial for users to upgrade to the latest version to mitigate potential exploitation risks.",Fortinet,Fortinet Fortiportal,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2021-11-02T18:10:57.000Z,0
CVE-2021-32595,https://securityvulnerability.io/vulnerability/CVE-2021-32595,Uncontrolled Resource Consumption Vulnerability in FortiPortal by Fortinet,"Multiple uncontrolled resource consumption vulnerabilities exist within the web interface of FortiPortal versions prior to 6.0.6. These vulnerabilities may allow a low-privileged user to exhaust system resources, potentially leading to a denial of service. By sending multiple HTTP requests, an attacker can disrupt the normal operation of the FortiPortal, impacting the availability of services reliant on this platform.",Fortinet,Fortinet Fortiportal,6.5,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2021-11-02T18:04:20.000Z,0
CVE-2021-36172,https://securityvulnerability.io/vulnerability/CVE-2021-36172,Improper XML External Entity Handling in FortiPortal by Fortinet,"An improper handling of XML external entities in FortiPortal allowed for potential exploitation by attackers manipulating XML responses. This vulnerability could lead to service interruptions or unauthorized access to system files through specially crafted XML documents, affecting the integrity and confidentiality of data.",Fortinet,Fortinet Fortiportal,4.3,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2021-11-02T17:35:11.000Z,0
CVE-2021-36181,https://securityvulnerability.io/vulnerability/CVE-2021-36181,Race Condition in FortiPortal Customer Database Interface,A race condition vulnerability within the customer database interface of FortiPortal prior to version 6.0.6 could allow an authenticated user with low privileges to execute specific web requests that lead to an inconsistent state of the underlying database. This issue occurs due to improper synchronization when executing concurrent tasks that share resources. It highlights the risks associated with database security and the importance of robust access controls.,Fortinet,Fortinet Fortiportal,3.1,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2021-11-02T17:22:57.000Z,0
CVE-2021-32602,https://securityvulnerability.io/vulnerability/CVE-2021-32602,Remote Code Execution Vulnerability in Fortinet FortiPortal GUI,"The FortiPortal GUI contains a vulnerability that arises from improper handling of user input during the generation of web pages. An attacker can exploit this flaw by sending a specially crafted request containing invalid parameters, which can allow for Cross-Site Scripting (XSS) attacks. This may lead to unauthorized access and manipulation of user sessions. It is crucial for organizations using FortiPortal to assess their current versions and apply necessary updates to safeguard against potential exploit attempts.",Fortinet,Fortinet Fortiportal,5.8,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2021-08-19T00:15:00.000Z,0
CVE-2021-32588,https://securityvulnerability.io/vulnerability/CVE-2021-32588,Hard-coded Credentials Vulnerability in FortiPortal by Fortinet,"A vulnerability in FortiPortal allows attackers to exploit hard-coded credentials associated with the Tomcat Manager. This flaw exists in specific versions of FortiPortal, enabling remote and unauthenticated adversaries to upload malicious web application archive files. By leveraging these hard-coded credentials, attackers can execute unauthorized commands with root privileges, posing significant security risks for affected systems.",Fortinet,Fortinet Fortiportal,9.8,CRITICAL,0.0017800000496208668,false,,false,false,false,,,false,false,,2021-08-18T21:30:12.000Z,0
CVE-2021-32596,https://securityvulnerability.io/vulnerability/CVE-2021-32596,Use of Predictable Salt Vulnerability in FortiPortal by Fortinet,"A vulnerability in the password storing mechanism of FortiPortal versions 6.0.0 to 6.04 exists due to the use of one-way hashing with a predictable salt. This flaw may allow an attacker, who has already gained access to the password store, to utilize precomputed tables to decrypt stored passwords, potentially compromising sensitive user accounts.",Fortinet,Fortinet Fortiportal,6,MEDIUM,0.0016799999866634607,false,,false,false,false,,,false,false,,2021-08-04T15:35:29.000Z,0
CVE-2021-36168,https://securityvulnerability.io/vulnerability/CVE-2021-36168,Path Traversal Vulnerability in Fortinet FortiPortal Software,"A path traversal vulnerability exists in Fortinet FortiPortal where improper limitation of pathname exposure allows an authenticated attacker to manipulate directory paths. By crafting specific GET requests with malicious parameters, the attacker could potentially disclose sensitive information that resides within directories that should remain inaccessible. This flaw affects versions of FortiPortal prior to 6.0.5, 5.3.6, and versions before 6.2.5, creating a risk for organizations utilizing Fortinet's solutions.",Fortinet,Fortinet Fortiportal,6.5,MEDIUM,0.0012799999676644802,false,,false,false,false,,,false,false,,2021-08-04T15:01:20.000Z,0
CVE-2021-32590,https://securityvulnerability.io/vulnerability/CVE-2021-32590,SQL Injection Vulnerability in FortiPortal by Fortinet,"The FortiPortal product line is vulnerable to multiple SQL injection vulnerabilities that stem from improper handling of specially crafted SQL command components. These flaws affect versions 4.2.2 and earlier, allowing an authenticated user to execute arbitrary commands on the underlying SQL database. Attackers can exploit this issue by sending specially crafted HTTP requests that manipulate database queries, potentially compromising data integrity and confidentiality.",Fortinet,Fortinet Fortiportal,9.9,CRITICAL,0.0010600000387057662,false,,false,false,false,,,false,false,,2021-08-04T13:31:30.000Z,0
CVE-2021-32594,https://securityvulnerability.io/vulnerability/CVE-2021-32594,Unrestricted File Upload Vulnerability in FortiPortal by Fortinet,"An unrestricted file upload vulnerability in the web interface of FortiPortal allows low-privileged users to upload maliciously crafted files, potentially enabling them to manipulate critical system files and compromise the integrity of the FortiPortal environment. This vulnerability affects various versions of FortiPortal, making it crucial for users to apply necessary security patches and implement strict file upload controls to mitigate potential risks.",Fortinet,Fortinet Fortiportal,5.4,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2021-08-04T13:26:46.000Z,0
CVE-2017-7342,https://securityvulnerability.io/vulnerability/CVE-2017-7342,Weak Password Recovery Process in Fortinet FortiPortal,"The Fortinet FortiPortal is impacted by a vulnerability related to its password recovery process. Specifically, versions up to 4.0.0 exhibit a flaw that allows attackers to exploit a hidden Close button, leading to the execution of unauthorized code or commands. This compromise underscores the importance of robust password recovery mechanisms to ensure security and prevent unauthorized access.",Fortinet,Fortinet Fortiportal,9.8,CRITICAL,0.002219999907538295,false,,false,false,false,,,false,false,,2019-03-25T21:05:27.000Z,0
CVE-2017-7340,https://securityvulnerability.io/vulnerability/CVE-2017-7340,Cross-Site Scripting Vulnerability in Fortinet FortiPortal,"A Cross-Site Scripting (XSS) vulnerability exists in Fortinet FortiPortal versions up to 4.0.0. An attacker can exploit this flaw through the applicationSearch parameter in the FortiView functionality, executing arbitrary code or commands. This security issue can allow unauthorized access to sensitive information or control over the application.",Fortinet,Fortinet Fortiportal,6.1,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2019-03-25T20:55:59.000Z,0
CVE-2017-7339,https://securityvulnerability.io/vulnerability/CVE-2017-7339,,A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.,Fortinet,Fortinet Fortiportal,6.1,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2017-05-27T00:29:00.000Z,0
CVE-2017-7337,https://securityvulnerability.io/vulnerability/CVE-2017-7337,,An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request.,Fortinet,Fortinet Fortiportal,9.1,CRITICAL,0.0018599999602884054,false,,false,false,false,,,false,false,,2017-05-27T00:29:00.000Z,0
CVE-2017-7338,https://securityvulnerability.io/vulnerability/CVE-2017-7338,,A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.,Fortinet,Fortinet Fortiportal,7.5,HIGH,0.0018599999602884054,false,,false,false,false,,,false,false,,2017-05-27T00:29:00.000Z,0
CVE-2017-7731,https://securityvulnerability.io/vulnerability/CVE-2017-7731,,A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.,Fortinet,Fortinet Fortiportal,7.5,HIGH,0.0018599999602884054,false,,false,false,false,,,false,false,,2017-05-27T00:29:00.000Z,0
CVE-2017-7343,https://securityvulnerability.io/vulnerability/CVE-2017-7343,,An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter.,Fortinet,Fortinet Fortiportal,6.1,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2017-05-27T00:29:00.000Z,0