Lucene search

Fortinet Fortiadc

8 matches found

CVE
added 2023/01/03 5:15 p.m. | 70 views

CVE-2022-39947

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7.0.0 through 7.0.2, FortiADC version 6.2.0 through 6.2.3, FortiADC version 6.1.0 through 6.1.6, FortiADC version 6.0.0 through 6.0.4, FortiADC version 5.4.0 through 5.4...

8.8 CVSS | 8.9 AI score | 0.01401 EPSS

CVE
added 2022/07/18 6:15 p.m. | 61 views

CVE-2022-26120

Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP...

8.8 CVSS | 9.1 AI score | 0.0062 EPSS

CVE
added 2022/11/02 12:15 p.m. | 55 views

CVE-2022-35851

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross-site scripting (XSS) attack via configuring a specially crafted IP Address.

8 CVSS | 5.2 AI score | 0.00698 EPSS

CVE
added 2022/11/02 12:15 p.m. | 54 views

CVE-2022-38374

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews.

8.8 CVSS | 6.5 AI score | 0.15011 EPSS

CVE
added 2022/12/06 5:15 p.m. | 47 views

CVE-2022-33875

An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP r...

8.8 CVSS | 9.1 AI score | 0.00614 EPSS

CVE
added 2023/11/14 6:15 p.m. | 36 views

CVE-2023-26205

An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric a...

8.8 CVSS | 8.6 AI score | 0.00203 EPSS

CVE
added 2023/09/13 1:15 p.m. | 35 views

CVE-2022-35849

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifica...

8.8 CVSS | 8.7 AI score | 0.00313 EPSS

CVE
added 2025/03/11 3:15 p.m. | 34 views

CVE-2023-37933

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPS requests.

8.8 CVSS | 8.3 AI score | 0.00026 EPSS