VYPR

Fortiportal

by Fortinet

CVEs (46)

  • CVE-2021-32596Aug 4, 2021
    risk 0.00cvss epss 0.00

    A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to decrypt the passwords by means of precomputed tables.

  • CVE-2021-36168Aug 4, 2021
    risk 0.00cvss epss 0.01

    A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with…

  • CVE-2021-32590Aug 4, 2021
    risk 0.00cvss epss 0.02

    Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on…

  • CVE-2021-32594Aug 4, 2021
    risk 0.00cvss epss 0.01

    An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to potentially tamper with the underlying system's files via the upload of…

  • CVE-2017-7342Mar 25, 2019
    risk 0.00cvss epss 0.01

    A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button

  • CVE-2017-7340Mar 25, 2019
    risk 0.00cvss epss 0.01

    A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.

Page 3 of 3