Vulnerabilities > Fortinet

DATE	CVE	VULNERABILITY TITLE	RISK
2021-01-14	CVE-2020-29015	SQL Injection vulnerability in Fortinet Fortiweb A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement. network low complexity fortinet CWE-89 critical	9.8
2020-10-21	CVE-2020-6648	Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortios and Fortiproxy A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command. network low complexity fortinet CWE-312	6.5
2020-09-24	CVE-2020-12815	Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortitester An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. network low complexity fortinet CWE-79	5.4
2020-09-24	CVE-2020-12811	Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field. network low complexity fortinet CWE-79	6.1
2020-09-24	CVE-2020-12818	Unspecified vulnerability in Fortinet Fortios An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed. network low complexity fortinet	5.3
2020-09-24	CVE-2020-12817	Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortitester An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors. network low complexity fortinet CWE-79	8.8
2020-09-24	CVE-2020-12816	Cross-site Scripting vulnerability in Fortinet Fortinac An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users. network low complexity fortinet CWE-79	6.1
2020-08-14	CVE-2019-5591	Missing Authentication for Critical Function vulnerability in Fortinet Fortios A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server. low complexity fortinet CWE-306	6.5
2020-07-24	CVE-2020-12812	Improper Handling of Case Sensitivity vulnerability in Fortinet Fortios An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. network low complexity fortinet CWE-178 critical	9.8
2020-06-22	CVE-2020-9288	Cross-site Scripting vulnerability in Fortinet Fortiwlc An improper neutralization of input vulnerability in FortiWLC 8.5.1 allows a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the ESS profile or the Radius Profile. network low complexity fortinet CWE-79	5.4

Vulnerabilities > Fortinet {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Fortinet"}]}

Vulnerabilities > Fortinet