Vulnerabilities > Fortinet > Fortiportal > 3.2.0

DATE CVE VULNERABILITY TITLE RISK
2022-04-06 CVE-2021-26104 OS Command Injection vulnerability in Fortinet Fortianalyzer, Fortimanager and Fortiportal
Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters.
local
low complexity
fortinet CWE-78
7.8
2022-03-01 CVE-2021-36171 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Fortinet Fortiportal
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame.
network
high complexity
fortinet CWE-338
8.1
2021-08-04 CVE-2021-36168 Path Traversal vulnerability in Fortinet Fortiportal
A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values.
network
low complexity
fortinet CWE-22
6.5
2021-08-04 CVE-2021-32590 SQL Injection vulnerability in Fortinet Fortiportal
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests.
network
low complexity
fortinet CWE-89
8.8
2019-03-25 CVE-2017-7342 Improper Input Validation vulnerability in Fortinet Fortiportal
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button
network
low complexity
fortinet CWE-20
critical
9.8
2019-03-25 CVE-2017-7340 Cross-site Scripting vulnerability in Fortinet Fortiportal
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality.
network
low complexity
fortinet CWE-79
6.1
2017-05-27 CVE-2017-7731 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Fortinet Fortiportal
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.
network
low complexity
fortinet CWE-640
7.5
2017-05-27 CVE-2017-7343 Open Redirect vulnerability in Fortinet Fortiportal
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter.
network
low complexity
fortinet CWE-601
6.1
2017-05-27 CVE-2017-7339 Cross-site Scripting vulnerability in Fortinet Fortiportal
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.
network
low complexity
fortinet CWE-79
6.1
2017-05-27 CVE-2017-7338 Information Exposure vulnerability in Fortinet Fortiportal
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.
network
low complexity
fortinet CWE-200
7.5