Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
fortinet

Fortinet FortiWeb

14 Versions 14 CVEs

Versions

6.2.0

SEMANTIC 1 CVE

FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4

OTHER 1 CVE

6.0.5

SEMANTIC 1 CVE

FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4

OTHER 1 CVE

FortiWeb 6.4.1, 6.4.0, 6.3.0 through 6.3.15

OTHER 1 CVE

FortiWeb 6.3.4, 6.2.3

OTHER 1 CVE

FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15

OTHER 2 CVEs

6.2.0 and earlier

OTHER 1 CVE

FortiWeb 6.3.0 through 6.3.5

OTHER 1 CVE

6.1.1

SEMANTIC 1 CVE

FortiWeb 6.4.1 and below, 6.3.15 and below, 6.2.5 and below

OTHER 1 CVE

FortiWeb 6.4.1, 6.4.0

OTHER 2 CVEs

FortiWeb 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2

OTHER 1 CVE

FortiWeb 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x

OTHER 1 CVE

Recent CVEs

CVE-2021-41026

A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.

MEDIUM Apr 06, 2022

CVE-2021-36194

Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted requests.

HIGH Dec 09, 2021

CVE-2021-41017

Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 through 6.3.15 may allow a remote authenticated attacker to execute arbitrary code or commands via specifically crafted HTTP requests.

HIGH Dec 08, 2021

CVE-2021-36195

Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments.

MEDIUM Dec 08, 2021

CVE-2021-41027

A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device.

HIGH Dec 08, 2021

CVE-2021-41015

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login handler

MEDIUM Dec 08, 2021