Fortinet: >> Fortiadc >> 7.0.1 Security Vulnerabilities
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews.
CVSS Score
8.8
EPSS Score
0.15
Published
2022-11-02
An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request.
CVSS Score
5.3
EPSS Score
0.0
Published
2022-11-02
Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
CVSS Score
5.4
EPSS Score
0.006
Published
2022-07-18
Page 3