VYPR

FortiWeb

by FortiWeb

CVEs (5)

  • CVE-2021-42761CriFeb 16, 2023
    risk 0.59cvss 9.0epss 0.01

    A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to…

  • CVE-2021-22123HigJun 1, 2021
    risk 0.56cvss 7.6epss 0.77

    An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.

  • CVE-2021-36193MedFeb 2, 2022
    risk 0.44cvss 6.7epss 0.01

    Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.

  • CVE-2023-23778MedFeb 16, 2023
    risk 0.32cvss 4.9epss 0.01

    A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests.

  • CVE-2022-29059LowMar 14, 2025
    risk 0.18cvss 2.7epss 0.00

    An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb version 7.0.1 and below, 6.4.2 and below, 6.3.20 and below, 6.2.7 and below may allow a privileged attacker to execute SQL commands over the log database…