Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-02 | CVE-2021-41023 | Insufficiently Protected Credentials vulnerability in Fortinet Fortisiem A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files | 5.5 |
| 2021-11-02 | CVE-2021-42754 | Code Injection vulnerability in Fortinet Forticlient An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file. | 5.0 |
| 2021-11-02 | CVE-2020-12814 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI. | 5.4 |
| 2021-11-02 | CVE-2020-15940 | Cross-site Scripting vulnerability in Fortinet Forticlient Enterprise Management Server An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server. | 5.4 |
| 2021-11-02 | CVE-2021-26107 | Unspecified vulnerability in Fortinet Fortimanager 6.4.4/6.4.5 An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager. | 4.3 |
| 2021-11-02 | CVE-2021-32595 | Resource Exhaustion vulnerability in Fortinet Fortiportal Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests. | 6.5 |
| 2021-11-02 | CVE-2021-36172 | XXE vulnerability in Fortinet Fortiportal An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents. | 8.1 |
| 2021-11-02 | CVE-2021-36181 | Race Condition vulnerability in Fortinet Fortiportal A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific coordination of web requests. | 3.1 |
| 2021-11-02 | CVE-2021-41019 | Improper Certificate Validation vulnerability in Fortinet Fortios An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials. | 6.5 |
| 2021-10-06 | CVE-2020-15941 | Path Traversal vulnerability in Fortinet Forticlient Endpoint Management Server A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages. | 5.4 |