cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-41026,https://securityvulnerability.io/vulnerability/CVE-2021-41026,Path Traversal Vulnerability in FortiWeb by Fortinet,"A relative path traversal vulnerability exists in FortiWeb versions 6.4.1, 6.4.0, and from 6.3.0 to 6.3.15, enabling an authenticated attacker to exploit this flaw to access arbitrary files on the underlying filesystem. This can occur through the submission of specially crafted web requests that manipulate file paths, potentially leading to unauthorized access to sensitive information stored on the server.",Fortinet,Fortinet Fortiweb,6.5,MEDIUM,0.0009299999801442027,false,,false,false,false,,,false,false,,2022-04-06T16:00:26.000Z,0
CVE-2021-43071,https://securityvulnerability.io/vulnerability/CVE-2021-43071,Heap-Based Buffer Overflow in Fortinet FortiWeb's LogReport API,"A heap-based buffer overflow vulnerability exists in Fortinet FortiWeb versions 6.4.1, 6.4.0, 6.3.15, and earlier versions. This flaw allows an attacker to execute unauthorized code or commands by sending specially crafted HTTP requests to the LogReport API controller. Exploiting this vulnerability could potentially lead to significant security breaches, giving unauthorized access to sensitive system functionalities.",Fortinet,Fortinet Fortiweb,8.8,HIGH,0.0009599999757483602,false,,false,false,false,,,false,false,,2021-12-09T09:18:03.000Z,0
CVE-2021-36194,https://securityvulnerability.io/vulnerability/CVE-2021-36194,Stack-based Buffer Overflows in FortiWeb Products by Fortinet,"Multiple stack-based buffer overflows in the API controllers of FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 could potentially allow an authenticated attacker to execute arbitrary code through specially crafted requests, exposing sensitive systems to risk and unauthorized actions.",Fortinet,Fortinet Fortiweb,8.8,HIGH,0.0009599999757483602,false,,false,false,false,,,false,false,,2021-12-09T08:46:46.000Z,0
CVE-2021-41017,https://securityvulnerability.io/vulnerability/CVE-2021-41017,Heap-based Buffer Overflow Vulnerabilities in FortiWeb by Fortinet,"Multiple heap-based buffer overflow vulnerabilities exist in certain web API controllers of FortiWeb (versions 6.3.0 to 6.4.1). Aimed at authenticated users, these vulnerabilities can be exploited by sending specially crafted HTTP requests, potentially allowing attackers to execute arbitrary commands or code remotely, thereby compromising system integrity and security.",Fortinet,Fortinet Fortiweb,8.8,HIGH,0.0017000000225380063,false,,false,false,false,,,false,false,,2021-12-08T18:51:10.000Z,0
CVE-2021-41025,https://securityvulnerability.io/vulnerability/CVE-2021-41025,Authentication Bypass Vulnerability in Fortinet FortiWeb Products,"Multiple vulnerabilities have been identified within the authentication mechanism of FortiWeb, impacting numerous versions. These vulnerabilities involve an instance of concurrent execution using a shared resource with improper synchronization, as well as authentication bypass via replay attacks. Successfully exploiting these issues could enable remote, unauthenticated attackers to evade authentication processes and gain unauthorized access as legitimate cluster peers, posing a significant threat to the security of affected systems.",Fortinet,Fortinet Fortiweb,7.3,HIGH,0.007840000092983246,false,,false,false,false,,,false,false,,2021-12-08T18:46:00.000Z,0
CVE-2021-36195,https://securityvulnerability.io/vulnerability/CVE-2021-36195,Command Injection Vulnerabilities in FortiWeb by Fortinet,"FortiWeb, a web application firewall from Fortinet, contains multiple command injection vulnerabilities within its command line interpreter. These vulnerabilities can be exploited by an authenticated attacker with crafted command arguments, enabling arbitrary command execution on the underlying system shell. This could potentially lead to unauthorized actions and compromise the integrity of the affected system. It's essential for users to apply the latest updates to mitigate this risk and ensure the ongoing security of their web applications.",Fortinet,Fortinet Fortiweb,4.2,MEDIUM,0.0019600000232458115,false,,false,false,false,,,false,false,,2021-12-08T18:14:55.000Z,0
CVE-2021-41013,https://securityvulnerability.io/vulnerability/CVE-2021-41013,Improper Access Control in FortiWeb Affects Log Reports,"An improper access control issue in FortiWeb versions 6.4.1 and earlier, and 6.3.15 and earlier allows unauthorized and unauthenticated users to access sensitive log reports through direct URL manipulation. This vulnerability exposes critical logging information, potentially compromising the security posture of affected systems.",Fortinet,Fortinet Fortiweb,5.3,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2021-12-08T13:33:58.000Z,0
CVE-2021-36188,https://securityvulnerability.io/vulnerability/CVE-2021-36188,Cross-Site Scripting Vulnerability in Fortinet FortiWeb Web Application Firewall,"A cross-site scripting vulnerability exists in Fortinet's FortiWeb web application firewall, affecting versions 6.4.1 and earlier as well as 6.3.15 and earlier. This flaw allows an attacker to inject malicious scripts through improperly neutralized input during web page generation. By exploiting this vulnerability, attackers can execute unauthorized code or commands via specially crafted GET parameters submitted to the login and error handler interfaces, posing significant risks to the integrity of affected systems.",Fortinet,Fortinet Fortiweb,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2021-12-08T13:24:55.000Z,0
CVE-2021-43063,https://securityvulnerability.io/vulnerability/CVE-2021-43063,Cross-Site Scripting Vulnerability in Fortinet FortiWeb Products,"An improper neutralization of input during web page generation in Fortinet FortiWeb allows for the exploitation of cross-site scripting (XSS) vulnerabilities. This issue affects multiple versions of FortiWeb, enabling attackers to potentially execute unauthorized code or commands through crafted HTTP GET requests targeting the login interface. Users of affected versions should take immediate action to mitigate risk.",Fortinet,Fortinet Fortiweb,6.1,MEDIUM,0.002219999907538295,false,,false,false,false,,,false,false,,2021-12-08T13:16:29.000Z,0
CVE-2021-36190,https://securityvulnerability.io/vulnerability/CVE-2021-36190,Unintended Proxy Vulnerability in Fortinet FortiWeb Affecting Multiple Versions,"The vulnerability in Fortinet FortiWeb arises from an unintended proxy or intermediary issue, allowing unauthenticated attackers to exploit crafted HTTP requests to access protected hosts. This flaw affects multiple versions of the FortiWeb product, potentially exposing sensitive data and systems to unauthorized access. Organizations using affected versions must assess their security posture and implement the necessary updates to mitigate risks.",Fortinet,Fortinet Fortiweb,5.5,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2021-12-08T13:11:05.000Z,0
CVE-2021-41014,https://securityvulnerability.io/vulnerability/CVE-2021-41014,Uncontrolled Resource Consumption in Fortinet FortiWeb,"An uncontrolled resource consumption issue in Fortinet FortiWeb allows unauthenticated attackers to exploit the system by sending oversized HTTP packets. This can lead to the httpsd daemon becoming unresponsive, thereby disrupting services and potentially exposing the system to further attacks.",Fortinet,Fortinet Fortiweb,7.5,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2021-12-08T13:06:15.000Z,0
CVE-2021-36191,https://securityvulnerability.io/vulnerability/CVE-2021-36191,Open Redirect Vulnerability in Fortinet FortiWeb,"An open redirect vulnerability in Fortinet FortiWeb versions 6.4.1 and below, and 6.3.15 and below allows attackers to redirect users to untrusted sites, compromising the security of the application. By manipulating GET parameters in requests directed at error handlers, an attacker can leverage the device as a proxy, leading to potential exploitation and malicious redirection of users.",Fortinet,Fortinet Fortiweb,4.1,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-12-08T13:03:35.000Z,0
CVE-2021-41027,https://securityvulnerability.io/vulnerability/CVE-2021-41027,Stack-Based Buffer Overflow in Fortinet FortiWeb Affects Multiple Versions,"A stack-based buffer overflow vulnerability exists in Fortinet FortiWeb versions 6.4.1 and 6.4.0. This flaw allows an authenticated attacker to exploit the system by uploading specially crafted certificates. Successful exploitation may lead to the execution of unauthorized code or commands on the device, posing significant security risks.",Fortinet,Fortinet Fortiweb,7.3,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-12-08T12:55:42.000Z,0
CVE-2021-41015,https://securityvulnerability.io/vulnerability/CVE-2021-41015,Cross-Site Scripting Vulnerability in Fortinet FortiWeb,"A vulnerability in Fortinet FortiWeb, versions 6.4.1 and below, as well as 6.3.15 and below, allows attackers to exploit improper input neutralization during web page generation. This flaw enables the execution of arbitrary code or commands through specially crafted HTTP requests directed at the SAML login handler. Organizations using affected versions are at risk of unauthorized access and potential data compromise.",Fortinet,Fortinet Fortiweb,6.1,MEDIUM,0.002219999907538295,false,,false,false,false,,,false,false,,2021-12-08T12:39:00.000Z,0
CVE-2021-43064,https://securityvulnerability.io/vulnerability/CVE-2021-43064,Open Redirect Vulnerability in Fortinet FortiWeb Product,"An open redirect vulnerability in Fortinet FortiWeb allows attackers to redirect users to untrusted sites. This flaw impacts FortiWeb versions 6.4.1, 6.4.0, and earlier versions, enabling malicious actors to use the device as a proxy, granting access to external or protected hosts through manipulated redirection handlers. Organizations using affected versions are advised to implement security measures and updates to mitigate potential exploitation.",Fortinet,Fortinet Fortiweb,4.3,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2021-12-08T12:33:18.000Z,0
CVE-2021-36180,https://securityvulnerability.io/vulnerability/CVE-2021-36180,Command Injection Vulnerability in FortiWeb Management Interface by Fortinet,"FortiWeb management interface versions 6.4.1 and earlier, 6.3.15 and earlier, and 6.2.5 and earlier are susceptible to command injection vulnerabilities due to improper neutralization of special elements used in commands. This flaw enables an authenticated attacker to manipulate HTTP requests, potentially leading to unauthorized code execution through specially crafted parameters. Organizations using the affected versions should implement recommended patches and review security practices to mitigate risks.",Fortinet,Fortinet Fortiweb,8.1,HIGH,0.001180000021122396,false,,false,false,false,,,false,false,,2021-12-08T10:46:45.000Z,0
CVE-2021-36186,https://securityvulnerability.io/vulnerability/CVE-2021-36186,Stack-based Buffer Overflow Vulnerability in Fortinet FortiWeb Firewall,"A stack-based buffer overflow vulnerability in Fortinet's FortiWeb introduces a risk of unauthorized code execution. This flaw occurs in specific versions of the product, enabling attackers to send crafted HTTP requests that exploit the vulnerability. Successful exploitation can lead to significant security breaches, jeopardizing system integrity and data protection. Organizations utilizing affected versions should prioritize security updates to mitigate potential threats.",Fortinet,Fortinet Fortiweb,8.8,HIGH,0.0025100000202655792,false,,false,false,false,,,false,false,,2021-11-02T18:35:58.000Z,0
CVE-2021-36187,https://securityvulnerability.io/vulnerability/CVE-2021-36187,Uncontrolled Resource Consumption in Fortinet FortiWeb,"Fortinet FortiWeb is susceptible to an uncontrolled resource consumption vulnerability that allows attackers to exploit the webserver daemon. By sending specially crafted HTTP requests, an attacker can cause a denial of service, disrupting normal operations and potentially affecting the availability of the service to legitimate users. It is crucial for organizations using affected versions to implement necessary security measures and apply updates to safeguard against potential exploitation.",Fortinet,Fortinet Fortiweb,5.3,MEDIUM,0.0022299999836832285,false,,false,false,false,,,false,false,,2021-11-02T18:32:37.000Z,0
CVE-2021-36182,https://securityvulnerability.io/vulnerability/CVE-2021-36182,Command Injection Vulnerability in Fortinet FortiWeb Products,"An improper handling of special elements in command execution within Fortinet FortiWeb allows attackers to exploit this vulnerability and execute unauthorized commands through crafted HTTP requests. This can lead to significant security breaches, enabling potential data manipulation or system compromise.",Fortinet,Fortinet Fortiweb,8.8,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2021-09-08T10:20:57.000Z,0
CVE-2021-36179,https://securityvulnerability.io/vulnerability/CVE-2021-36179,Stack-based Buffer Overflow Vulnerability in Fortinet FortiWeb,"A stack-based buffer overflow vulnerability exists in Fortinet's FortiWeb, impacting versions 6.3.14 and below, as well as 6.2.4 and below. This vulnerability enables attackers to execute unauthorized code or commands by sending specially crafted parameters during Command Line Interface (CLI) command execution. Exploitation of this vulnerability poses significant risks to the integrity and security of affected systems.",Fortinet,Fortinet Fortiweb,8,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2021-09-08T10:15:48.000Z,0
CVE-2021-22123,https://securityvulnerability.io/vulnerability/CVE-2021-22123,OS Command Injection Vulnerability in FortiWeb by Fortinet,"FortiWeb's management interface exhibits an OS command injection vulnerability, allowing remote authenticated attackers to execute arbitrary commands on affected systems. This exploit targets the SAML server configuration page, where improper validation can enable an attacker to manipulate backend commands, potentially compromising the entire system. Users of FortiWeb versions 6.3.7 and below, along with earlier versions 6.2.3, 6.1.x, 6.0.x, and 5.9.x, should take immediate actions to patch their systems as per the advisory provided by Fortinet.",Fortinet,Fortinet Fortiweb,7.6,HIGH,0.021400000900030136,false,,false,false,true,2021-08-18T10:54:27.000Z,true,false,false,,2021-06-01T19:58:35.000Z,0
CVE-2020-15942,https://securityvulnerability.io/vulnerability/CVE-2020-15942,Information Disclosure Vulnerability in Fortinet's FortiWeb Product,"An information disclosure vulnerability exists in the Web Vulnerability Scan profile of Fortinet's FortiWeb. This flaw affects FortiWeb versions 6.2.x below 6.2.4 and versions 6.3.x below 6.3.5. A remote authenticated attacker can exploit this vulnerability to access the password utilized by the FortiWeb scanner for connecting to devices defined in the scan profile, potentially leading to unauthorized access and further security risks.",Fortinet,Fortinet Fortiweb,4.3,MEDIUM,0.0013000000035390258,false,,false,false,false,,,false,false,,2021-04-12T14:11:25.000Z,0
CVE-2021-22122,https://securityvulnerability.io/vulnerability/CVE-2021-22122,Reflected Cross Site Scripting Vulnerability in FortiWeb's GUI Interface by Fortinet,"An improper neutralization of input in web page generation within the FortiWeb GUI interface allows unauthenticated remote attackers to execute a reflected cross site scripting attack. These attackers can inject malicious payloads through various vulnerable API endpoints. This vulnerability affects FortiWeb versions from 6.3.0 to 6.3.7 and those prior to 6.2.4, emphasizing the necessity for timely updates and robust input validation practices.",Fortinet,Fortinet Fortiweb,6.1,MEDIUM,0.03523999825119972,false,,false,false,false,,,false,false,,2021-02-08T15:55:39.000Z,0
CVE-2020-29015,https://securityvulnerability.io/vulnerability/CVE-2020-29015,SQL Injection Vulnerability in FortiWeb Web Application Firewall by Fortinet,"A blind SQL injection vulnerability exists in the user interface of FortiWeb versions 6.3.0 to 6.3.7 and earlier versions prior to 6.2.4. This flaw allows attackers without authentication to send specially crafted requests containing malicious SQL statements within the Authorization header. By exploiting this vulnerability, an attacker could execute arbitrary SQL queries or commands, potentially compromising the integrity and confidentiality of the database.",Fortinet,Fortinet Fortiweb,9.8,CRITICAL,0.0013099999632686377,false,,false,false,false,,,false,false,,2021-01-14T16:07:20.000Z,0
CVE-2020-29018,https://securityvulnerability.io/vulnerability/CVE-2020-29018,Format String Vulnerability in FortiWeb by Fortinet,"A format string vulnerability exists in FortiWeb versions 6.3.0 through 6.3.5. This issue permits an authenticated, remote attacker to manipulate the redir parameter, potentially enabling them to read sensitive information from the memory. This vulnerability poses a significant risk for the confidentiality of sensitive data processed by affected systems.",Fortinet,Fortinet Fortiweb,8.8,HIGH,0.0023399998899549246,false,,false,false,false,,,false,false,,2021-01-14T16:06:03.000Z,0