Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-14 | CVE-2024-48890 | OS Command Injection vulnerability in Fortinet Fortisoar Imap Connector 3.5.6/3.5.7 An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook | 8.8 |
| 2025-01-14 | CVE-2024-48893 | Cross-site Scripting vulnerability in Fortinet Fortisoar An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook. | 5.4 |
| 2025-01-14 | CVE-2024-50564 | Use of Hard-coded Credentials vulnerability in Fortinet Forticlient A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped. | 3.3 |
| 2025-01-14 | CVE-2024-50566 | OS Command Injection vulnerability in Fortinet Fortimanager and Fortimanager Cloud A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests. | 8.8 |
| 2025-01-14 | CVE-2024-52963 | Out-of-bounds Write vulnerability in Fortinet Fortios A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets. | 5.9 |
| 2025-01-14 | CVE-2024-52967 | Cross-site Scripting vulnerability in Fortinet Fortiportal An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection. | 4.8 |
| 2025-01-14 | CVE-2024-52969 | SQL Injection vulnerability in Fortinet Fortisiem An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests. | 6.5 |
| 2025-01-14 | CVE-2024-54021 | Interpretation Conflict vulnerability in Fortinet Fortios and Fortiproxy An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header. | 9.8 |
| 2025-01-14 | CVE-2024-55591 | Unspecified vulnerability in Fortinet Fortios and Fortiproxy An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. | 9.8 |
| 2025-01-14 | CVE-2024-55593 | SQL Injection vulnerability in Fortinet Fortiweb A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries | 2.7 |