Lucene search
K

14 matches found

NVD
NVD
added 2024/05/14 5:15 p.m.19 views

CVE-2023-40720

An authorization bypass through user-controlled key vulnerability CWE-639 in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests...

7.1CVSS6.8AI score0.00848EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/14 4:19 p.m.23 views

CVE-2023-40720

An authorization bypass through user-controlled key vulnerability CWE-639 in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests...

7.1CVSS7AI score0.00848EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/14 4:19 p.m.18 views

CVE-2023-40720

An authorization bypass through user-controlled key vulnerability CWE-639 in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via crafted HTTP or HTTPS requests...

7.1CVSS6.7AI score0.00848EPSS
Exploits0References1
CVE
CVE
added 2024/05/14 4:19 p.m.57 views

CVE-2023-40720

CVE-2023-40720 affects FortiVoice Enterprise (FortiVoiceEntreprise) versions 7.0.0–7.0.1 and before 6.4.8, where an authenticated attacker can bypass authorization via a user-controlled key to read other users’ SIP configurations by crafted HTTP/HTTPS requests. Root cause described as CWE-639 (au...

7.1CVSS6.6AI score0.00848EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/01/10 6:15 p.m.4 views

CVE-2023-37932

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability CWE-22 in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests...

6.5CVSS5.9AI score0.00628EPSS
Exploits0References1
Prion
Prion
added 2024/01/10 6:15 p.m.23 views

Path traversal

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability CWE-22 in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests...

4CVSS7AI score0.00628EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/10 5:48 p.m.8 views

CVE-2023-37932

An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability CWE-22 in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests...

6.5CVSS6.4AI score0.00628EPSS
Exploits0References1
CVE
CVE
added 2024/01/10 5:48 p.m.65 views

CVE-2023-37932

The CVE-2023-37932 entry describes a path traversal vulnerability in FortiVoiceEntreprise (Fortinet) affecting version 7.0.0 and earlier than 6.4.7. The issue stems from an improper limitation of a pathname to a restricted directory, allowing an authenticated attacker to read arbitrary files on t...

6.5CVSS6.3AI score0.00628EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/04/27 5:15 p.m.14 views

CVE-2020-9294

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface...

9.8CVSS9.7AI score0.77778EPSS
Exploits2References1
Prion
Prion
added 2020/04/27 5:15 p.m.16 views

Authentication flaw

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface...

7.5CVSS9.6AI score0.77778EPSS
Exploits2References1Affected Software2
Cvelist
Cvelist
added 2020/04/27 4:20 p.m.17 views

CVE-2020-9294

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface...

9.7AI score0.77778EPSS
Exploits2References1
CVE
CVE
added 2020/04/27 4:20 p.m.97 views

CVE-2020-9294

CVE-2020-9294 affects Fortinet FortiMail (versions 5.4.10 and earlier; 6.0.7 and earlier; 6.2.2 and earlier) and FortiVoiceEntreprise (6.0.0 and 6.0.1). The issue is an improper authentication vulnerability where a remote unauthenticated attacker can access the system as a legitimate user by subm...

9.8CVSS9.6AI score0.77778EPSS
Exploits2References1Affected Software2
Fortinet
Fortinet
added 2020/04/27 12:0 a.m.46 views

Authentication bypass in FortiMail and FortiVoiceEntreprise

An improper authentication vulnerability in FortiMail and FortiVoiceEntreprise may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface...

7.5CVSS5.7AI score0.77778EPSS
Exploits2Affected Software2
Positive Technologies
Positive Technologies
added 2020/04/27 12:0 a.m.5 views

PT-2020-5588 · Fortinet · Fortivoiceentreprise +1

Name of the Vulnerable Software and Affected Versions: FortiMail versions 5.4.10 and earlier, 6.0.7 and earlier, 6.2.2 and earlier FortiVoiceEntreprise versions 6.0.0 and 6.0.1 Description: The issue is related to weaknesses in the authentication procedure of the email protection system. It may...

10CVSS9.6AI score0.77778EPSS
Exploits2References6
Rows per page
Query Builder