Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortiweb 6.4.0 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-41025
Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb versions 6.4.1, 6.4.0, 6.3.0 up to and including 6.3.15, 6.2.0 up to and including 6.2.6, 6.1.0 up to and including 6.1.2, 6.0.0 thorugh 6.0.7, including an instance of concurrent execution using shared...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
Fortinet Fortiweb 6.4.2
9.8
CVSSv3
CVE-2021-36186
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows malicious user to execute unauthorized code or commands via crafted HTTP requests
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
8.8
CVSSv3
CVE-2023-34984
A protection mechanism failure in Fortinet FortiWeb 7.2.0 up to and including 7.2.1, 7.0.0 up to and including 7.0.6, 6.4.0 up to and including 6.4.3, 6.3.6 up to and including 6.3.23 allows malicious user to execute unauthorized code or commands via specially crafted HTTP reques...
Fortinet Fortiweb
8.8
CVSSv3
CVE-2022-30303
An improper neutralization of special elements used in an os command ('OS Command Injection') [CWE-78] in FortiWeb 7.0.0 up to and including 7.0.1, 6.3.0 up to and including 6.3.19, 6.4 all versions may allow an authenticated malicious user to execute arbitrary shell co...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
8.8
CVSSv3
CVE-2023-23779
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated malicious user to execute unauthorized...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
8.8
CVSSv3
CVE-2022-30306
A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated malicious user to achieve arbitrary code execution via specifically crafted password.
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.4.2
Fortinet Fortiweb 7.0.0
Fortinet Fortiweb 7.0.1
Fortinet Fortiweb
8.8
CVSSv3
CVE-2021-43073
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows malicious user to execute unauthorized code or commands via crafted HTTP r...
Fortinet Fortiweb
8.8
CVSSv3
CVE-2021-43071
A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows malicious user to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb
8.8
CVSSv3
CVE-2021-36194
Multiple stack-based buffer overflows in the API controllers of FortiWeb 6.4.1, 6.4.0, and 6.3.0 up to and including 6.3.15 may allow an authenticated malicious user to achieve arbitrary code execution via specially crafted requests.
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
Fortinet Fortiweb 6.4.1
8.8
CVSSv3
CVE-2021-36195
Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 up to and including 6.3.15, 6.2.0 up to and including 6.2.6, and 6.1.0 up to and including 6.1.2 may allow an authenticated malicious user to execute arbitrary comm...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »