Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortiweb 6.4.0 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-36194
Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 up to and including 6.3.15 may allow an authenticated malicious user to achieve arbitrary code execution via specially crafted requests.
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
6.1
CVSSv3
CVE-2021-43063
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows malicious user to execute unauthorized code or commands via crafted HTTP GET req...
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
8.8
CVSSv3
CVE-2021-43071
A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows malicious user to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
5.3
CVSSv3
CVE-2021-41013
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs.
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
8.8
CVSSv3
CVE-2021-41017
Multiple heap-based buffer overflow vulnerabilities in some web API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 up to and including 6.3.15 may allow a remote authenticated malicious user to execute arbitrary code or commands via specifically crafted HTTP requests.
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
6.1
CVSSv3
CVE-2021-43064
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows malicious user to use the device as a proxy and reach external or protected hosts via redirection handlers.
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
7.5
CVSSv3
CVE-2021-36187
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows malicious user to cause a denial of service for webserver daemon via crafted HTTP requests
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
9.8
CVSSv3
CVE-2021-36186
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows malicious user to execute unauthorized code or commands via crafted HTTP requests
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
4.3
CVSSv3
CVE-2022-30299
A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 up to and including 7.0.1, 6.3.0 up to and including 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated malicious user to retrieve specific parts of files f...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
6.5
CVSSv3
CVE-2022-30300
A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 up to and including 7.0.1, 6.3.6 up to and including 6.3.18, 6.4 all versions may allow an authenticated malicious user to obtain unauthorized access to files and data via specifically crafted HTTP GET requests.
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »