fortinet fortiportal

44 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2024-40593
>= 6.0.0 and <= 6.0.15
A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnaly
6.0 MEDIUM
CVE-2025-54838
>= 7.4.0 and <= 7.4.5
An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboo
6.8 MEDIUM
CVE-2024-45329
>= 7.0.0 and < 7.0.9
An authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versi
4.3 MEDIUM
CVE-2025-46777
>= 7.0.0 and < 7.0.10
An insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versi
2.3 LOW
CVE-2024-40590
>= 6.0.0 and < 7.0.9
An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 a
4.8 MEDIUM
CVE-2025-24470
>= 7.0.0 and < 7.0.12
An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0
8.6 HIGH
CVE-2024-52967
>= 6.0.0 and < 6.0.15
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allo
3.5 LOW
CVE-2024-35278
>= 7.0.0 and < 7.0.9
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiPortal versions 7.2.4 thro
4.3 MEDIUM
CVE-2021-32589
>= 4.0.0 and < 5.3.7
A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version
8.1 HIGH
CVE-2024-26011
>= 5.3.0 and < 6.0.15
A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 th
5.3 MEDIUM
CVE-2023-47543
>= 7.0.0 and < 7.0.4
An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 al
5.4 MEDIUM
CVE-2024-21759
>= 7.0.0 and < 7.0.7
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows
4.3 MEDIUM
CVE-2024-31495
>= 7.0.0 and < 7.0.7
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiPortal versions 7.0.0 thro
4.3 MEDIUM
CVE-2023-48789
>= 6.0.0 and < 6.0.15
A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper
4.3 MEDIUM
CVE-2024-23105
>= 7.0.0 and <= 7.0.6
A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through
7.5 HIGH
CVE-2024-21761
>= 7.0.0 and < 7.0.7
An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a u
4.3 MEDIUM
CVE-2023-41842
>= 5.3.0 and < 6.0.15
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet allows a privileged attacker to ex
6.7 MEDIUM
CVE-2023-48783
>= 5.3.0 and <= 5.3.8
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal version 7.2.1 and below, versio
5.4 MEDIUM
CVE-2023-46712
>= 7.0.0 and <= 7.0.6
An improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 al
7.2 HIGH
CVE-2023-48791
>= 7.0.0 and <= 7.0.6
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal versi
8.8 HIGH
CVE-2022-27490
>= 4.1.0 and <= 4.1.2
An exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer v
5.4 MEDIUM
CVE-2022-43954
all versions
An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through
4.3 MEDIUM
CVE-2022-41336
>= 5.0.0 and <= 5.0.3
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11
6.8 MEDIUM
CVE-2021-26104
< 5.2.6
Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and be
7.8 HIGH
CVE-2021-36171
<= 4.0.4
The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may a
8.1 HIGH
CVE-2021-42757
>= 5.0.0 and <= 6.0.10
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authe
6.7 MEDIUM
CVE-2021-36176
>= 4.0.0 and < 6.0.6
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low
6.1 MEDIUM
CVE-2021-36174
>= 4.0.0 and < 6.0.6
A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may a
4.3 MEDIUM
CVE-2021-36181
>= 4.0.0 and < 6.0.6
A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer databa
3.1 LOW
CVE-2021-36172
>= 4.0.0 and <= 4.0.4
An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6
4.3 MEDIUM
CVE-2021-32595
>= 4.0.0 and < 5.3.7
Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low
6.5 MEDIUM
CVE-2021-32602
>= 4.0.0 and <= 4.0.4
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI 6.0.4 and below, 5.3.6 an
5.8 MEDIUM
CVE-2021-32588
>= 5.0.0 and <= 5.0.3
A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below,
9.8 CRITICAL
CVE-2021-32596
>= 6.0.0 and <= 6.0.4
A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 ma
6.0 MEDIUM
CVE-2021-36168
< 5.2.6
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPo
6.5 MEDIUM
CVE-2021-32594
>= 4.0.0 and <= 4.0.4
An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 thro
5.4 MEDIUM
CVE-2021-32590
>= 3.2.0 and <= 3.2.2
Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.
9.9 CRITICAL
CVE-2017-7342
<= 4.0.0
A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unau
9.8 CRITICAL
CVE-2017-7340
<= 4.0.0
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized c
6.1 MEDIUM
CVE-2017-7731
<= 4.0.0
A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information d
7.5 HIGH
CVE-2017-7343
<= 4.0.0
An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands vi
6.1 MEDIUM
CVE-2017-7339
<= 4.0.0
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized c
6.1 MEDIUM
CVE-2017-7338
<= 4.0.0
A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information d
7.5 HIGH
CVE-2017-7337
<= 4.0.0
An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unau
9.1 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin