cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-36509,https://securityvulnerability.io/vulnerability/CVE-2024-36509,,"An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the ""Log Access Event"" logs page.",Fortinet,Fortiweb,4.4,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-12T19:15:00.000Z,0
CVE-2024-33509,https://securityvulnerability.io/vulnerability/CVE-2024-33509,,"An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF).",Fortinet,Fortiweb,4.8,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-07-09T16:15:00.000Z,0
CVE-2024-23665,https://securityvulnerability.io/vulnerability/CVE-2024-23665,Unauthorized ADOM Operations via Crafted Requests,"Multiple improper authorization vulnerabilities exist in various versions of FortiWeb, which may permit an authenticated attacker to execute unauthorized actions within the ADOM framework through specially crafted requests. These vulnerabilities underscore the importance of regular updates and vigilance in securing Fortinet products against potential exploitation that could compromise authorized operations.",Fortinet,Fortiweb,8.8,HIGH,0.0005000000237487257,false,false,false,false,,false,false,2024-06-03T09:50:33.614Z,0
CVE-2024-23107,https://securityvulnerability.io/vulnerability/CVE-2024-23107,Unauthorized Access to Sensitive Information in FortiWeb Products,"A vulnerability exists in FortiWeb, a web application firewall by Fortinet, where authenticated attackers can exploit an information exposure flaw. This vulnerability may permit attackers to access sensitive password hashes of other administrators through CLI commands. Affected are multiple versions, thereby highlighting significant security implications for organizations relying on this firewall solution.",Fortinet,Fortiweb,5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-06-03T07:55:21.908Z,0
CVE-2023-46713,https://securityvulnerability.io/vulnerability/CVE-2023-46713,,"An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.",Fortinet,FortiWeb,4.9,MEDIUM,0.0006300000241026282,false,false,false,false,,false,false,2023-12-13T07:15:00.000Z,0
CVE-2023-34984,https://securityvulnerability.io/vulnerability/CVE-2023-34984,Protection Mechanism Failure in Fortinet FortiWeb Products,"A protection mechanism failure in Fortinet FortiWeb products enables attackers to execute unauthorized code or commands by sending specially crafted HTTP requests. This vulnerability affects multiple versions of the product, potentially compromising the security of networks utilizing FortiWeb. Organizations should focus on securing their installations and patching the affected versions to mitigate risks associated with this vulnerability. For detailed information, refer to the official Fortinet advisory.",Fortinet,Fortiweb,7.1,HIGH,0.0017399999778717756,false,false,false,false,,false,false,2023-09-13T13:15:00.000Z,0
CVE-2023-23777,https://securityvulnerability.io/vulnerability/CVE-2023-23777,OS Command Injection Vulnerability in FortiWeb by Fortinet,"An OS command injection vulnerability has been identified in FortiWeb, affecting versions 7.0.1 and below, all versions of 6.4, and 6.3.18 and below. This issue arises from improper neutralization of special elements within OS command inputs, allowing a privileged attacker to craft specific CLI backup parameters. Successful exploitation can enable the execution of arbitrary bash commands, posing significant risks to system integrity and security. Organizations using FortiWeb should assess their versions and implement necessary updates to safeguard against this vulnerability.",Fortinet,Fortiweb,7.2,HIGH,0.0014799999771639705,false,false,false,false,,false,false,2023-07-11T09:15:00.000Z,0
CVE-2023-33305,https://securityvulnerability.io/vulnerability/CVE-2023-33305,,"A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.",Fortinet,"Fortiweb,FortiOS,Fortiproxy",4.9,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2023-06-13T09:15:00.000Z,0
CVE-2022-43955,https://securityvulnerability.io/vulnerability/CVE-2022-43955,Reflected Cross-Site Scripting Vulnerability in FortiWeb's Web Interface,"An improper neutralization of input in the FortiWeb web interface versions ranging from 7.0.0 to 7.0.3, and in various 6.xx and 5.xx releases, can allow unauthenticated remote attackers to execute reflected cross-site scripting (XSS) attacks. This is achieved by injecting malicious payloads into log entries that the application uses to generate reports, which can be exploited during the web page generation process, posing significant risks to the security of users interacting with the affected system.",Fortinet,Fortiweb,8,HIGH,0.0007999999797903001,false,false,false,false,,false,false,2023-04-11T16:06:43.147Z,0
CVE-2022-43948,https://securityvulnerability.io/vulnerability/CVE-2022-43948,,"A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions, FortiADC 5.4 all versions, FortiADC 5.3 all versions, FortiADC 5.2 all versions, FortiADC 5.1 all versions allows attacker to execute unauthorized code or commands via specifically crafted arguments to existing commands.",Fortinet,"Fortiweb,Fortiadc",6.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-04-11T16:06:08.263Z,0
CVE-2022-22297,https://securityvulnerability.io/vulnerability/CVE-2022-22297,,"An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.",Fortinet,"Fortirecorder,Fortiweb",5.2,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-03-07T16:04:48.484Z,0
CVE-2022-39951,https://securityvulnerability.io/vulnerability/CVE-2022-39951,OS Command Injection Vulnerability in Fortinet FortiWeb,"An OS command injection vulnerability exists in Fortinet's FortiWeb products, specifically in versions 7.0.0 through 7.0.2 and 6.3.6 through 6.3.20. This flaw allows attackers to execute unauthorized commands on the server through specially crafted HTTP requests, potentially compromising system security and data integrity. Administrators are advised to update to the latest secure versions to mitigate this risk.",Fortinet,Fortiweb,7.2,HIGH,0.0013200000394135714,false,false,false,false,,false,false,2023-03-07T16:04:38.353Z,0
CVE-2023-22636,https://securityvulnerability.io/vulnerability/CVE-2023-22636,,"An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request.",Fortinet,Fortiweb,6.6,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2023-02-27T09:15:00.000Z,0
CVE-2023-23783,https://securityvulnerability.io/vulnerability/CVE-2023-23783,,"A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted command arguments.",Fortinet,Fortiweb,6.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2023-02-16T19:15:00.000Z,0
CVE-2023-23778,https://securityvulnerability.io/vulnerability/CVE-2023-23778,,"A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests.",Fortinet,Fortiweb,4.7,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2023-02-16T19:15:00.000Z,0
CVE-2023-23779,https://securityvulnerability.io/vulnerability/CVE-2023-23779,,"Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.",Fortinet,Fortiweb,6.6,MEDIUM,0.0014799999771639705,false,false,false,false,,false,false,2023-02-16T19:15:00.000Z,0
CVE-2023-23782,https://securityvulnerability.io/vulnerability/CVE-2023-23782,Heap-Based Buffer Overflow in Fortinet FortiWeb Products,"Fortinet FortiWeb is susceptible to a heap-based buffer overflow affecting multiple versions, including 7.0.0 to 7.0.1 and all versions of 6.4, 6.2, and 6.1. This vulnerability allows an attacker to exploit this weakness through specially crafted arguments to existing commands, potentially leading to privilege escalation. Users should apply recommended patches to mitigate this security risk.",Fortinet,Fortiweb,7.1,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-02-16T19:15:00.000Z,0
CVE-2023-23780,https://securityvulnerability.io/vulnerability/CVE-2023-23780,Stack-based Buffer Overflow in Fortinet FortiWeb Affects Security,"A stack-based buffer overflow vulnerability exists in Fortinet FortiWeb, specifically in versions 7.0.0 through 7.0.1 and versions 6.3.6 through 6.3.19. This flaw allows an attacker to escalate their privileges by sending specially crafted HTTP requests, potentially compromising the security and integrity of the application.",Fortinet,Fortiweb,7.6,HIGH,0.0008299999753944576,false,false,false,false,,false,false,2023-02-16T19:15:00.000Z,0
CVE-2023-23784,https://securityvulnerability.io/vulnerability/CVE-2023-23784,,"A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to information disclosure via specially crafted web requests.",Fortinet,Fortiweb,5.6,MEDIUM,0.0006799999973736703,false,false,false,false,,false,false,2023-02-16T19:15:00.000Z,0
CVE-2023-23781,https://securityvulnerability.io/vulnerability/CVE-2023-23781,,"A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files.",Fortinet,Fortiweb,6.1,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2023-02-16T19:15:00.000Z,0
CVE-2023-25602,https://securityvulnerability.io/vulnerability/CVE-2023-25602,Buffer Overflow Vulnerability in Fortinet FortiWeb Web Application Firewall,"A stack-based buffer overflow has been identified in Fortinet FortiWeb web application firewall, allowing attackers to leverage specially crafted command arguments to execute unauthorized code or commands on the affected systems. This vulnerability impacts several versions of FortiWeb and poses a significant risk to the security of web applications. Users are strongly advised to apply the latest updates to mitigate potential exploitation.",Fortinet,Fortiweb,7.4,HIGH,0.0006099999882280827,false,false,false,false,,false,false,2023-02-16T19:15:00.000Z,0
CVE-2022-40683,https://securityvulnerability.io/vulnerability/CVE-2022-40683,Double Free Vulnerability in Fortinet FortiWeb Products,"A double free vulnerability exists in Fortinet FortiWeb versions 7.0.0 through 7.0.3, which may allow an attacker to execute unauthorized code or commands by sending specially crafted input. This flaw can jeopardize the integrity and security of the affected systems, posing a significant risk if exploited. Users are encouraged to review their FortiWeb configurations and update to secure versions as detailed in the vendor's security advisory.",Fortinet,Fortiweb,7.1,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2023-02-16T18:07:04.143Z,0
CVE-2022-30306,https://securityvulnerability.io/vulnerability/CVE-2022-30306,,"A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password.",Fortinet,Fortiweb,6.3,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2023-02-16T18:06:14.226Z,0
CVE-2022-33871,https://securityvulnerability.io/vulnerability/CVE-2022-33871,,"A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations.",Fortinet,Fortiweb,6.3,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2023-02-16T18:06:11.661Z,0
CVE-2021-42756,https://securityvulnerability.io/vulnerability/CVE-2021-42756,Stack-Based Buffer Overflow Vulnerabilities in FortiWeb Proxy Daemon,"Multiple stack-based buffer overflow vulnerabilities exist in the proxy daemon of FortiWeb. These vulnerabilities affect various versions of FortiWeb, allowing unauthenticated remote attackers to execute arbitrary code by sending specially crafted HTTP requests. Organizations using vulnerable FortiWeb versions should take immediate action to mitigate the risk associated with these vulnerabilities.",Fortinet,Fortiweb,9.3,CRITICAL,0.0020200000144541264,false,false,false,true,true,false,false,2023-02-16T18:05:39.442Z,0