Fortiadc Security Vulnerabilities and Issues — Fortiadc CVE List

Lucene search

FortinetFortiadc

9 matches found

CVE•added 2022/08/05 8:15 p.m.•112 views

CVE-2022-22299

A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 throu...

7.8CVSS7.8AI score0.00133EPSS

CVE•added 2022/07/18 6:15 p.m.•62 views

CVE-2022-26120

Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP...

8.8CVSS9.1AI score0.00629EPSS

CVE•added 2022/11/02 12:15 p.m.•56 views

CVE-2022-35851

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross site scripting (XSS) attack via configuring a specially crafted IP Address.

8CVSS5.2AI score0.00705EPSS

CVE•added 2022/11/02 12:15 p.m.•56 views

CVE-2022-38381

An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection s...

9.8CVSS9.5AI score0.00019EPSS

CVE•added 2022/08/03 2:15 p.m.•55 views

CVE-2022-27484

A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request.

5.4CVSS4.5AI score0.00133EPSS

CVE•added 2022/11/02 12:15 p.m.•55 views

CVE-2022-38374

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews.

8.8CVSS6.5AI score0.15133EPSS

CVE•added 2022/09/06 4:15 p.m.•53 views

CVE-2021-43076

An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5 and below, 6.0.4 and below, 5.4.5 and below and 5.3.7 and below may allow a remote authenticated attacker with restricted user profile to modify the system files using the shell access.

6.5CVSS6.2AI score0.0014EPSS

CVE•added 2022/12/06 5:15 p.m.•48 views

CVE-2022-33875

An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP r...

8.8CVSS9.1AI score0.00767EPSS

CVE•added 2022/12/06 5:15 p.m.•40 views

CVE-2022-33876

Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests.

6.5CVSS6.3AI score0.00518EPSS