Vulnerabilities > Fortinet > Fortiadc > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-25603 Overly Permissive Cross-domain Whitelist vulnerability in Fortinet Fortiadc and Fortiddos-F
A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 - 7.1.1, FortiDDoS-F 6.3.0 - 6.3.4 and 6.4.0 - 6.4.1 allow an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests.
network
low complexity
fortinet CWE-942
critical
 9.1
9.1
2022-11-02 CVE-2022-38381 Unspecified vulnerability in Fortinet Fortiadc
An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2.
network
low complexity
fortinet
critical
 9.8
9.8