Fortiweb@6.4.2 Security Vulnerabilities and Issues — Fortiweb@6.4.2 CVE List

Lucene search

FortinetFortiweb6.4.2

9 matches found

CVE•added 2023/02/16 7:15 p.m.•47 views

CVE-2022-30306

A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password.

8.8CVSS8.9AI score0.00235EPSS

CVE•added 2023/02/16 7:15 p.m.•45 views

CVE-2022-30299

A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially craf...

5.3CVSS4.5AI score0.00299EPSS

CVE•added 2023/02/16 7:15 p.m.•44 views

CVE-2023-23778

A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests.

6.5CVSS6.2AI score0.00144EPSS

CVE•added 2023/02/16 7:15 p.m.•43 views

CVE-2022-30303

An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions may allow an authenticated attacker to execute arbitrary shell code as root user via crafted HTTP requests.

8.8CVSS8.9AI score0.01598EPSS

CVE•added 2023/02/16 7:15 p.m.•40 views

CVE-2022-30300

A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests.

6.5CVSS6.2AI score0.0042EPSS

CVE•added 2021/12/08 7:15 p.m.•39 views

CVE-2021-41025

Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared resource with improper synchronization and one of auth...

9.8CVSS9.8AI score0.00756EPSS

CVE•added 2023/02/16 7:15 p.m.•37 views

CVE-2022-33871

A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI execute backup-local rename and execute backup-local show oper...

7.2CVSS7.3AI score0.0018EPSS

CVE•added 2023/01/03 5:15 p.m.•37 views

CVE-2022-42471

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary he...

5.4CVSS5.6AI score0.004EPSS

CVE•added 2023/02/16 7:15 p.m.•37 views

CVE-2023-23779

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted param...

8.8CVSS8.9AI score0.00154EPSS