Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

FortiWeb

Source -

CNACISA

CNA CVEs -

53

ADP CVEs -

0

CISA CVEs -

1

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
53Vulnerabilities found
CVE-2022-42471
Assigner-Fortinet, Inc.
ShareView Details
Assigner-Fortinet, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 59.90%
||
7 Day CHG~0.00%
Published-03 Jan, 2023 | 16:58
Updated-07 Nov, 2023 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2019-5590
Assigner-Fortinet, Inc.
ShareView Details
Assigner-Fortinet, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.28% / 50.83%
||
7 Day CHG~0.00%
Published-28 Aug, 2019 | 16:45
Updated-25 Oct, 2024 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-14191
Assigner-Fortinet, Inc.
ShareView Details
Assigner-Fortinet, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 44.44%
||
7 Day CHG~0.00%
Published-20 Mar, 2018 | 13:00
Updated-25 Oct, 2024 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under "Signed Security Mode", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebFortiWeb
  • Previous
  • 1
  • 2
  • Next