Fortinet Fortiweb 5.1.0

CPE Details

Fortinet Fortiweb 5.1.0
fortinet
fortiweb
5.1.0
2014-05-08
13h00 +00:00
2014-07-17
15h25 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:fortinet:fortiweb:5.1.0:*:*:*:*:*:*:*

Informations

Vendor

fortinet

Product

fortiweb

Version

5.1.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-36193 2022-02-02 10h19 +00:00 Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.
7.2
Haute
CVE-2021-42757 2021-12-08 10h01 +00:00 A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
6.7
Moyen
CVE-2021-36182 2021-09-08 08h20 +00:00 A Improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests
8.8
Haute
CVE-2021-36179 2021-09-08 08h15 +00:00 A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows attacker to execute unauthorized code or commands via crafted parameters in CLI command execution
8.8
Haute
CVE-2021-22122 2021-02-08 14h55 +00:00 An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.
6.1
Moyen
CVE-2020-29015 2021-01-14 15h07 +00:00 A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.
9.8
Critique
CVE-2020-29016 2021-01-14 15h04 +00:00 A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.
9.8
Critique
CVE-2020-29019 2021-01-14 15h01 +00:00 A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header.
5.3
Moyen
CVE-2020-6646 2020-03-17 11h49 +00:00 An improper neutralization of input vulnerability in FortiWeb allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Disclaimer Description of a Replacement Message.
5.4
Moyen
CVE-2019-16157 2020-03-13 14h02 +00:00 An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands.
6.5
Moyen
CVE-2019-5590 2019-08-28 14h45 +00:00 The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form.
6.1
Moyen
CVE-2017-7736 2017-11-22 17h00 +00:00 A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import.
5.4
Moyen
CVE-2017-7737 2017-08-10 21h00 +00:00 An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code.
4.9
Moyen
CVE-2017-3129 2017-05-26 20h00 +00:00 A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature.
6.1
Moyen
CVE-2016-4066 2016-07-13 13h00 +00:00 Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb before 5.5.3 allows remote attackers to hijack the authentication of administrators for requests that change the password via unspecified vectors.
8.8
Haute
CVE-2016-5092 2016-07-13 13h00 +00:00 Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn feature.
4.9
Moyen
CVE-2014-4738 2014-07-11 18h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg.
4.3
CVE-2014-3115 2014-05-08 12h00 +00:00 Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors.
6.8
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.