Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Fortiwlm Security Vulnerabilities

cve
cve

CVE-2017-7336

A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges.

9.8CVSS

9.5AI Score

0.004EPSS

2017-07-22 09:29 PM
26
cve
cve

CVE-2021-36184

A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests.

8.8CVSS

6.5AI Score

0.001EPSS

2021-11-02 07:15 PM
22
cve
cve

CVE-2021-36185

A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.

8.8CVSS

9AI Score

0.001EPSS

2021-11-02 07:15 PM
26
cve
cve

CVE-2021-41029

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via crafted HTTP requests

6.4CVSS

5.5AI Score

0.001EPSS

2021-12-08 12:15 PM
24
6
cve
cve

CVE-2021-42752

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute malicious javascript code on victim's host via crafted HTTP requests

5.4CVSS

5.7AI Score

0.001EPSS

2021-12-08 12:15 PM
26
6
cve
cve

CVE-2021-42760

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclose sensitive information from DB tables via crafted requests.

8.8CVSS

8.4AI Score

0.001EPSS

2021-12-08 12:15 PM
24
6
cve
cve

CVE-2021-43070

Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.

6.5CVSS

6.5AI Score

0.001EPSS

2022-03-02 05:15 PM
67
cve
cve

CVE-2021-43075

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to ...

8.8CVSS

8.9AI Score

0.001EPSS

2022-03-01 07:15 PM
75
cve
cve

CVE-2021-43077

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP...

8.8CVSS

8.9AI Score

0.001EPSS

2022-03-01 07:15 PM
71
cve
cve

CVE-2023-34985

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.

8.8CVSS

8.9AI Score

0.001EPSS

2023-10-10 05:15 PM
18
cve
cve

CVE-2023-34986

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.

8.8CVSS

8.9AI Score

0.001EPSS

2023-10-10 05:15 PM
14
cve
cve

CVE-2023-34987

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.

8.8CVSS

8.9AI Score

0.001EPSS

2023-10-10 05:15 PM
20
cve
cve

CVE-2023-34988

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.

8.8CVSS

8.9AI Score

0.001EPSS

2023-10-10 05:15 PM
15
cve
cve

CVE-2023-34989

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters.

8.8CVSS

8.9AI Score

0.001EPSS

2023-10-10 05:15 PM
20
cve
cve

CVE-2023-34991

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http reque...

9.8CVSS

9.4AI Score

0.001EPSS

2023-11-14 06:15 PM
48
cve
cve

CVE-2023-34993

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.

9.8CVSS

9.6AI Score

0.973EPSS

2023-10-10 05:15 PM
22
cve
cve

CVE-2023-36547

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.

9.8CVSS

9.6AI Score

0.001EPSS

2023-10-10 05:15 PM
20
cve
cve

CVE-2023-36548

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.

9.8CVSS

9.6AI Score

0.001EPSS

2023-10-10 05:15 PM
21
cve
cve

CVE-2023-36549

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.

9.8CVSS

9.6AI Score

0.001EPSS

2023-10-10 05:15 PM
16
cve
cve

CVE-2023-36550

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters.

9.8CVSS

9.6AI Score

0.001EPSS

2023-10-10 05:15 PM
13
cve
cve

CVE-2023-42783

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows attacker to read arbitrary files via crafted http requests.

7.5CVSS

7.4AI Score

0.001EPSS

2023-11-14 06:15 PM
24
cve
cve

CVE-2023-48782

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters

8.8CVSS

8.8AI Score

0.001EPSS

2023-12-13 07:15 AM
11