Dernières alertes de sécurité
FortiOS - Improper authorization via prof-admin profile
> date : 2023-10-10 09:00:00
> lien :
https://fortiguard.fortinet.com/psirt/FG-IR-23-318
An improper authorization vulnerability [CWE-285] in FortiOS's WEB UI component may allow an authenticated attacker belonging to the prof-admin profile to perform elevated actions. [...]
FortiOS - HTML injection in SAML and Security Fabric components
> date : 2023-10-10 09:00:00
> lien :
https://fortiguard.fortinet.com/psirt/FG-IR-23-104
An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiOS may allow a remote authenticated attacker to inject script related HTML tags via the SAML and Security Fabric components. [...]
FortiManager, FortiAnalyzer, FortiADC - Command injection due to an unsafe usage of function
> date : 2023-10-10 09:00:00
> lien :
https://fortiguard.fortinet.com/psirt/FG-IR-22-352
An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager, FortiAnalyzer and FortiADC management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe usage of the wordexp function. [...]
FortiManager & FortiAnalyzer - Path traversal via unrestricted file upload
> date : 2023-10-10 09:00:00
> lien :
https://fortiguard.fortinet.com/psirt/FG-IR-23-189
A relative path traversal [CWE-23] vulnerability in FortiManager and FortiAnalyzer may allow a remote attacker with low privileges to execute unauthorized code via crafted HTTP requests. [...]
|
page précédente |
page 4 |
page suivante |
FortiOS - Improper authorization via prof-admin profile
Sécurité
Classement
