Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortiweb 6.4.0 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-43063
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows malicious user to execute unauthorized code or commands via crafted HTTP GET req...
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
4.9
CVSSv2
CVE-2021-36191
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows malicious user to use the device as proxy via crafted GET parameters in requests to error handlers
Fortinet Fortiweb
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
4.6
CVSSv2
CVE-2021-41027
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, allows an authenticated malicious user to execute unauthorized code or commands via crafted certificates loaded into the device.
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
5
CVSSv2
CVE-2021-41014
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated malicious user to make the httpsd daemon unresponsive via huge HTTP packets
Fortinet Fortiweb
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
Fortinet Fortiweb 6.1.2
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
4.3
CVSSv2
CVE-2021-41015
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows malicious user to execute unauthorized code or commands via crafted HTTP requests to SAML login handler
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
5.8
CVSSv2
CVE-2021-43064
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows malicious user to use the device as a proxy and reach external or protected hosts via redirection handlers.
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb 6.4.1
6.5
CVSSv2
CVE-2021-36180
Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated malicious user to execute unauthorized code or commands via crafted param...
Fortinet Fortiweb 6.4.0
Fortinet Fortiweb
Fortinet Fortiweb 6.4.1
Fortinet Fortiweb 5.9.0
Fortinet Fortiweb 5.9.1
Fortinet Fortiweb 6.1.0
Fortinet Fortiweb 6.1.1
4.6
CVSSv2
CVE-2021-42757
A buffer overflow [CWE-121] in the TFTP client library of FortiOS prior to 6.4.7 and FortiOS 7.0.0 up to and including 7.0.2, may allow an authenticated local malicious user to achieve arbitrary code execution via specially crafted command line arguments.
Fortinet Fortiweb 6.4.0
Fortinet Fortios
Fortinet Fortiweb 6.4.1
Fortinet Fortiproxy 7.0.0
Fortinet Fortimanager
Fortinet Fortianalyzer
Fortinet Fortiproxy 7.0.1
Fortinet Fortimail
Fortinet Fortios-6k7k 6.4.6
Fortinet Fortios-6k7k 6.4.2
Fortinet Fortiweb
Fortinet Fortiproxy
Fortinet Fortindr
Fortinet Fortiswitch
Fortinet Fortirecorder Firmware
Fortinet Fortios-6k7k
Fortinet Fortiadc
Fortinet Fortiportal
Fortinet Fortivoice
7.5
CVSSv2
CVE-2021-36186
A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows malicious user to execute unauthorized code or commands via crafted HTTP requests
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
5
CVSSv2
CVE-2021-36187
A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows malicious user to cause a denial of service for webserver daemon via crafted HTTP requests
Fortinet Fortiweb
Fortinet Fortiweb 6.4.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3