RSS   Vulnerabilities for 'Fortiwlm'   RSS

2022-03-02
 
CVE-2021-43070

CWE-22
 

 
Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.

 
2022-03-01
 
CVE-2021-43075

CWE-78
 

 
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the alarm dashboard and controller config handlers.

 
 
CVE-2021-43077

CWE-89
 

 
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the AP monitor handlers.

 
2021-12-08
 
CVE-2021-41029

CWE-79
 

 
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via crafted HTTP requests

 
 
CVE-2021-42752

CWE-79
 

 
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute malicious javascript code on victim's host via crafted HTTP requests

 
 
CVE-2021-42760

CWE-89
 

 
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclose sensitive information from DB tables via crafted requests.

 
2021-11-02
 
CVE-2021-36184

CWE-89
 

 
A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests.

 
 
CVE-2021-36185

CWE-78
 

 
A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.

 
2017-07-22
 
CVE-2017-7336

 

 
A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lower versions allows a remote attacker to log-in and execute commands with 'upgrade' account privileges.

 

 >>> Vendor: Fortinet 106 Products
Fortinet firewall
Fortigate
Fortios
Fortinet antivirus
Fortinet
Fortinet28
Forticlient host security
Fortiguard antivirus
Fortigate-1000
Forticlient
Connect
Fortigate-1000c
Fortigate-100d
Fortigate-110c
Fortigate-1240b
Fortigate-200b
Fortigate-20c
Fortigate-300c
Fortigate-3040b
Fortigate-310b
Fortigate-311b
Fortigate-3140b
Fortigate-3240c
Fortigate-3810a
Fortigate-3950b
Fortigate-40c
Fortigate-5001a-sw
Fortigate-5001b
Fortigate-5020
Fortigate-5060
Fortigate-50b
Fortigate-5101c
Fortigate-5140b
Fortigate-600c
Fortigate-60c
Fortigate-620b
Fortigate-800c
Fortigate-80c
Fortigate-voice-80c
Fortigaterugged-100c
Fortimail
Forticlient lite
Forticlient ssl vpn
Fortianalyzer-1000d
Fortianalyzer-2000b
Fortianalyzer-200d
Fortianalyzer-3000d
Fortianalyzer-300d
Fortianalyzer-4000b
Fortianalyzer firmware
Fortiweb
Fortiadc-1000e
Fortiadc-1500d
Fortiadc-2000d
Fortiadc-200d
Fortiadc-300e
Fortiadc-4000d
Fortiadc-400e
Fortiadc-600e
Fortiadc firmware
Fortiauthenticator
Fortimanager
Coyote point equalizer
Coyote point equalizer firmware
Single sign on
Fortiadc-700d
Fortimanager firmware
Fortisandbox firmware
Fortiswitch
Fortiwan
Fortiwlc
Fortiportal
Fortiwlc-sd
Fortiwlm
Fortiweb manager
Fortidb
Forticlient sslvpn client
Fortianalyzer
Fortisiem
Fcm-mb40 firmware
Fortinac
Fortiisolator
Forticlient emergency management server
Forticlient virtual private network
Fortiadc
Fortiap
Fortiap-s
Fortiap-u
Fortiap-w2
Fortivoice
Fortisiem windows agent
Fortideceptor
Fortitester
Fortiproxy
Fortiadc manager
Fortipresence
Fortisandbox
Fortisdnconnector
Forticlient endpoint management server
Forticlient enterprise management server
See all Products for Vendor Fortinet


Copyright 2024, cxsecurity.com

 

Back to Top