Vulnerabilities > Fortinet
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-02 | CVE-2021-36184 | SQL Injection vulnerability in Fortinet Fortiwlm A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests. | 6.5 |
| 2021-11-02 | CVE-2021-36185 | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 8.8 |
| 2021-11-02 | CVE-2021-36186 | Out-of-bounds Write vulnerability in Fortinet Fortiweb A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests | 9.8 |
| 2021-11-02 | CVE-2021-36187 | Resource Exhaustion vulnerability in Fortinet Fortiweb A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to cause a denial of service for webserver daemon via crafted HTTP requests | 7.5 |
| 2021-11-02 | CVE-2021-41022 | Improper Privilege Management vulnerability in Fortinet Fortisiem A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts | 7.8 |
| 2021-11-02 | CVE-2021-41023 | Insufficiently Protected Credentials vulnerability in Fortinet Fortisiem A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log files | 5.5 |
| 2021-11-02 | CVE-2021-42754 | Code Injection vulnerability in Fortinet Forticlient An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera without the user permission via the malicious dylib file. | 5.0 |
| 2021-11-02 | CVE-2020-12814 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI. | 5.4 |
| 2021-11-02 | CVE-2020-15940 | Cross-site Scripting vulnerability in Fortinet Forticlient Enterprise Management Server An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server. | 5.4 |
| 2021-11-02 | CVE-2021-26107 | Unspecified vulnerability in Fortinet Fortimanager 6.4.4/6.4.5 An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager. | 4.3 |