Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
fortinet

fortiweb

57 Versions 35 CVEs

Versions

6.2.0

SEMANTIC 9 CVEs

6.3.19

SEMANTIC 8 CVEs

7.0.8

SEMANTIC 1 CVE

6.2.6

SEMANTIC 3 CVEs

6.0.8

SEMANTIC 5 CVEs

6.3.16

SEMANTIC 3 CVEs

7.2.4

SEMANTIC 1 CVE

7.6.1

SEMANTIC 1 CVE

7.2.0

SEMANTIC 10 CVEs

6.3.17

SEMANTIC 2 CVEs

7.4.2

SEMANTIC 1 CVE

6.2.3

SEMANTIC 1 CVE

5.8.5

SEMANTIC 3 CVEs

6.0.2 and below

OTHER 1 CVE

5.8.0

SEMANTIC 3 CVEs

7.0.4

SEMANTIC 1 CVE

5.6.0

SEMANTIC 3 CVEs

5.6.2

SEMANTIC 3 CVEs

7.0.10

SEMANTIC 6 CVEs

6.1.0

SEMANTIC 8 CVEs

7.4.4

SEMANTIC 1 CVE

6.1.2

SEMANTIC 3 CVEs

5.8.7

SEMANTIC 3 CVEs

7.2.1

SEMANTIC 3 CVEs

7.4.0

SEMANTIC 7 CVEs

6.4.1

SEMANTIC 2 CVEs

6.3.0

SEMANTIC 16 CVEs

7.4.1

SEMANTIC 1 CVE

7.2.10

SEMANTIC 3 CVEs

7.0.0

SEMANTIC 28 CVEs

6.1.3

SEMANTIC 5 CVEs

7.0.1

SEMANTIC 12 CVEs

7.0.2

SEMANTIC 3 CVEs

7.2.5

SEMANTIC 1 CVE

6.3.18

SEMANTIC 2 CVEs

5.8.3

SEMANTIC 3 CVEs

6.0.7

SEMANTIC 3 CVEs

6.3.21

SEMANTIC 4 CVEs

5.7.0

SEMANTIC 3 CVEs

6.3.6

SEMANTIC 13 CVEs

7.0.3

SEMANTIC 3 CVEs

5.9.1

SEMANTIC 3 CVEs

7.4.3

SEMANTIC 1 CVE

6.3.20

SEMANTIC 2 CVEs

7.4.6

SEMANTIC 1 CVE

6.3.23

SEMANTIC 8 CVEs

6.4.2

SEMANTIC 19 CVEs

6.0.0

SEMANTIC 8 CVEs

6.4.0

SEMANTIC 28 CVEs

6.2.7

SEMANTIC 6 CVEs

7.0.6

SEMANTIC 2 CVEs

6.4.3

SEMANTIC 7 CVEs

7.2.7

SEMANTIC 2 CVEs

6.2.8

SEMANTIC 1 CVE

7.6.0

SEMANTIC 3 CVEs

5.7.3

SEMANTIC 3 CVEs

5.9.0

SEMANTIC 3 CVEs

Recent CVEs

CVE-2022-43955

An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report.

HIGH Apr 11, 2023

CVE-2022-43948

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions, FortiADC 5.4 all versions, FortiADC 5.3 all versions, FortiADC 5.2 all versions, FortiADC 5.1 all versions allows attacker to execute unauthorized code or commands via specifically crafted arguments to existing commands.

MEDIUM Apr 11, 2023

CVE-2022-22297

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.

MEDIUM Mar 07, 2023

CVE-2022-39951

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

HIGH Mar 07, 2023

CVE-2022-40683

A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allows attacker to execute unauthorized code or commands via specially crafted commands

HIGH Feb 16, 2023

CVE-2022-33871

A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations.

MEDIUM Feb 16, 2023

CVE-2021-42756

Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.

CRITICAL Feb 16, 2023

CVE-2021-42761

A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session.

HIGH Feb 16, 2023

CVE-2021-43074

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.

MEDIUM Feb 16, 2023

CVE-2022-42471

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers.

MEDIUM Jan 03, 2023