Vulnerabilities > Fortinet > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-02 | CVE-2021-36176 | Cross-site Scripting vulnerability in Fortinet Fortiportal Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests. | 4.3 |
| 2021-11-02 | CVE-2021-36184 | SQL Injection vulnerability in Fortinet Fortiwlm A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests. | 4.0 |
| 2021-11-02 | CVE-2021-36185 | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 6.5 |
| 2021-11-02 | CVE-2021-36187 | Resource Exhaustion vulnerability in Fortinet Fortiweb A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to cause a denial of service for webserver daemon via crafted HTTP requests | 5.0 |
| 2021-11-02 | CVE-2021-41022 | Improper Privilege Management vulnerability in Fortinet Fortisiem A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute privileged code or commands via powershell scripts | 4.6 |
| 2021-11-02 | CVE-2021-26107 | Incorrect Authorization vulnerability in Fortinet Fortimanager 6.4.4/6.4.5 An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager. | 4.0 |
| 2021-11-02 | CVE-2021-32595 | Resource Exhaustion vulnerability in Fortinet Fortiportal Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests. | 4.0 |
| 2021-11-02 | CVE-2021-36172 | XXE vulnerability in Fortinet Fortiportal An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents. | 6.4 |
| 2021-11-02 | CVE-2021-41019 | Improper Certificate Validation vulnerability in Fortinet Fortios An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials. | 4.3 |
| 2021-10-06 | CVE-2020-15941 | Path Traversal vulnerability in Fortinet Forticlient Endpoint Management Server A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages. | 5.5 |