Fortinet FortiPortal 5.2.7

CPE Details

Fortinet FortiPortal 5.2.7
fortinet
fortiportal
5.2.7
2021-11-04
12h15 +00:00
2021-11-05
11h56 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:fortinet:fortiportal:5.2.7:*:*:*:*:*:*:*

Informations

Vendor

fortinet

Product

fortiportal

Version

5.2.7

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-32589 2024-12-19 12h22 +00:00 A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.
9.8
Critique
CVE-2021-42757 2021-12-08 10h01 +00:00 A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
6.7
Moyen
CVE-2021-36174 2021-11-02 17h15 +00:00 A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs.
7.5
Haute
CVE-2021-36176 2021-11-02 17h10 +00:00 Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
6.1
Moyen
CVE-2021-32595 2021-11-02 17h04 +00:00 Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests.
6.5
Moyen
CVE-2021-36181 2021-11-02 16h22 +00:00 A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific coordination of web requests.
3.1
Bas
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.