CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Fortinet: >> Fortiweb >> 6.3.19 Security Vulnerabilities

CVE-2022-33871

A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and earlier, 6.4 all versions, version 6.3.19 and earlier may allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI `execute backup-local rename` and `execute backup-local show` operations.

CVSS Score

6.6

EPSS Score

0.002

Published

2023-02-16

CVE-2022-42471

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability [CWE-113] In FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.4.0 through 6.4.2, FortiWeb version 6.3.6 through 6.3.20 may allow an authenticated and remote attacker to inject arbitrary headers.

CVSS Score

5.4

EPSS Score

0.004

Published

2023-01-03

Page 3

Vulnerabilities

Vulnerable Software

Fortinet: >> Fortiweb >> 6.3.19 Security Vulnerabilities

Products

Pricing

Contact Us