Lucene search

4 matches found

CVE
added 2024/07/09 4:15 p.m., 42 views

CVE-2024-33509

An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the de...

CVSS 4.8, AI score 7.3, EPSS 0.0007

CVE
added 2024/11/12 7:15 p.m., 37 views

CVE-2024-36509

An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted password...

CVSS 4.4, AI score 6.4, EPSS 0.00021

CVE
added 2024/06/03 8:15 a.m., 33 views

CVE-2024-23107

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, 6.3 all versions may allow an authenticated attacker to read password hashes of other administrators via CLI commands.

CVSS 5.5, AI score 6.5, EPSS 0.00099

CVE
added 2024/06/03 10:15 a.m., 33 views

CVE-2024-23665

Multiple improper authorization vulnerabilities [CWE-285] in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests.

CVSS 8.8, AI score 7.1, EPSS 0.00201