Fortinet FortiDeceptor

9 matches found

CVE
added 2022/07/19 2:15 p.m., 71 views

CVE-2022-30302

Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web...

CVSS 8.1, AI score 8, EPSS 0.00599

CVE
added 2022/11/02 12:15 p.m., 53 views

CVE-2022-38373

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID.

CVSS 8, AI score 5.2, EPSS 0.00729

CVE
added 2021/01/14 4:15 p.m., 52 views

CVE-2020-29017

An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.

CVSS 9, AI score 8.8, EPSS 0.05091

CVE
added 2023/04/11 5:15 p.m., 52 views

CVE-2022-27487

An improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS request...

CVSS 8.8, AI score 8.2, EPSS 0.0067

CVE
added 2022/12/06 5:15 p.m., 51 views

CVE-2022-30305

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2, 3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a rem...

CVSS 7.5, AI score 7.6, EPSS 0.00156

CVE
added 2025/01/15 11:15 a.m., 43 views

CVE-2024-35280

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the r...

CVSS 6.1, AI score 5.3, EPSS 0.00037

CVE
added 2025/01/14 2:15 p.m., 40 views

CVE-2024-45326

An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with no privileges to perform operations on the central management appliance via crafted requests.

CVSS 4.3, AI score 4.5, EPSS 0.00048

CVE
added 2023/03/09 3:15 p.m., 37 views

CVE-2023-26209

An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.

CVSS 5.3, AI score 5.5, EPSS 0.05073

CVE
added 2020/06/22 4:15 p.m., 34 views

CVE-2020-6644

An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.

CVSS 8.1, AI score 8, EPSS 0.00408