Vulnerabilities > Fortinet > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-09 CVE-2021-36189 Missing Encryption of Sensitive Data vulnerability in Fortinet Forticlient Enterprise Management Server
A missing encryption of sensitive data in Fortinet FortiClientEMS version 7.0.1 and below, version 6.4.4 and below allows attacker to information disclosure via inspecting browser decrypted data
network
low complexity
fortinet CWE-311
4.9
2021-12-09 CVE-2021-43204 Unspecified vulnerability in Fortinet Forticlient
A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete denial of service of its components via changes of directory access permissions.
local
low complexity
fortinet
4.4
2021-12-08 CVE-2021-41021 Unspecified vulnerability in Fortinet Fortinac
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may allow an admin user to escalate the privileges to root via the sudo command.
local
low complexity
fortinet
6.7
2021-12-08 CVE-2021-36188 Cross-site Scripting vulnerability in Fortinet Fortiweb
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers
network
low complexity
fortinet CWE-79
6.1
2021-12-08 CVE-2021-41013 Incorrect Authorization vulnerability in Fortinet Fortiweb
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs.
network
low complexity
fortinet CWE-863
5.3
2021-12-08 CVE-2021-36190 Unspecified vulnerability in Fortinet Fortiweb
A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests.
network
low complexity
fortinet
6.3
2021-12-08 CVE-2021-43063 Cross-site Scripting vulnerability in Fortinet Fortiweb
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login webpage.
network
low complexity
fortinet CWE-79
6.1
2021-12-08 CVE-2021-36191 Open Redirect vulnerability in Fortinet Fortiweb
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to use the device as proxy via crafted GET parameters in requests to error handlers
network
low complexity
fortinet CWE-601
5.4
2021-12-08 CVE-2021-41015 Cross-site Scripting vulnerability in Fortinet Fortiweb 6.4.0/6.4.1
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login handler
network
low complexity
fortinet CWE-79
6.1
2021-12-08 CVE-2021-43064 Open Redirect vulnerability in Fortinet Fortiweb
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers.
network
low complexity
fortinet CWE-601
6.1