
Fortinet FortiPAM vulnerabilities

30 known vulnerabilities affecting fortinet/fortipam.

Total CVEs: 30
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 4, HIGH 14, MEDIUM 12

Vulnerabilities

Page 2 of 2
CVE-2022-45862 | HIGH | CVSS 8.8 | Affected versions: ≥ 1.0.0, < 1.4.0; v1.3.0 (+3 more) | Published 2024-08-13
CWE-613: An insufficient session expiration vulnerability [CWE-613] in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions; FortiSwitchManager 7.2.1 and below, 7.0 all versions GUI may allow attackers to re-use w
Sources: nvd, fortinet
CVE-2024-26010 | HIGH | CVSS 7.5 | Affected versions: ≥ 1.0.0, ≤ 1.3.0; v1.2.0 (+1 more) | Published 2024-06-11
CWE-121: A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18,
Sources: nvd, fortinet
CVE-2023-45583 | HIGH | CVSS 7.2 | Affected versions: ≥ 1.0.0, ≤ 1.0.3; v1.1.0 | Published 2024-05-14
CWE-134: A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through 1.0.3 FortiOS versions 7.4.0, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15 FortiSwitchMan
Sources: nvd
CVE-2023-36640 | MEDIUM | CVSS 6.7 | Affected versions: ≤ 1.0.3; ≥ 1.0.0, ≤ 1.0.3 | Published 2024-05-14
CWE-134: A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions 1.0.0 through 1.0.3, FortiOS versions 7.2.0, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.
Sources: nvd, fortinet
CVE-2023-42789 | CRITICAL | CVSS 9.8 | Affected versions: ≥ 1.1.0, ≤ 1.1.2; ≥ 1.0.0, ≤ 1.0.3 | Published 2024-03-12
CWE-787: An out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.
Sources: nvd
CVE-2023-29181 | HIGH | CVSS 8.8 | Affected versions: ≥ 1.0.0, < 1.1.0; ≥ 1.0.0, ≤ 1.0.3 | Published 2024-02-22
CWE-134: A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows atta
Sources: nvd, fortinet
CVE-2024-23113 | CRITICAL | CVSS 9.8 | CISA KEV | Affected versions: ≥ 1.0.0, ≤ 1.0.3; ≥ 1.1.0, ≤ 1.1.2 (+1 more) | Published 2024-02-15
CWE-134: A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 throu
Sources: nvd, fortinet
CVE-2023-37934 | MEDIUM | CVSS 6.5 | Affected versions: ≥ 1.0.0, < 1.1.0; ≥ 1.0.0, ≤ 1.0.3 | Published 2024-01-10
CWE-770: An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency.
Sources: nvd, fortinet
CVE-2023-41678 | HIGH | CVSS 8.8 | Affected versions: v1.0.0; v1.0.1 (+6 more) | Published 2023-12-13
CWE-415: A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows an attacker to execute unauthorized code or commands via a specifically crafted request.
Sources: nvd, fortinet
CVE-2023-36639 | HIGH | CVSS 8.8 | Affected versions: ≥ 1.0.0, ≤ 1.0.3; v1.1.0 | Published 2023-12-13
CWE-134: A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiPAM versions 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via s
Sources: nvd, fortinet
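Six of the ten entries on this page (CVE-2023-45583, CVE-2023-36640, CVE-2023-29181, CVE-2024-23113, CVE-2023-36639 and, in the same family, the KEV-listed CVE-2024-23113) are CWE-134, use of an externally-controlled format string. The block below is an added example, not Fortinet code and not the vulnerable FortiOS code path: it puts the vulnerable and the hardened logging pattern side by side in C, and adds a small scanner that counts printf-style directives in text that should be plain data, which is the kind of check a request validator or a detection rule on proxied management traffic would apply. The function names, the log-line shape and the sample inputs are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* CWE-134 in miniature. Both functions write attacker-controlled text into a
 * log buffer. The vulnerable one passes that text as the format string, so any
 * '%' directives in it are interpreted (reading the stack through %x/%p,
 * writing memory through %n). The hardened one uses a fixed format and passes
 * the text as an argument. Names are assumptions; this is not FortiOS code. */
int log_vulnerable(char *out, size_t n, const char *user_text) {
    /* gcc/clang -Wformat -Wformat-security warn here: format is not a literal. */
    return snprintf(out, n, user_text);
}

int log_hardened(char *out, size_t n, const char *user_text) {
    return snprintf(out, n, "%s", user_text);
}

/* Result of scanning a string for printf-style directives. */
typedef struct {
    int directives;   /* conversions other than the literal "%%" */
    int writes;       /* "%n" conversions, which write to memory */
    bool positional;  /* uses "%N$..." argument selection */
} fmt_scan_t;

/* Scan user-supplied text (a request field, a log line) for format
 * directives. A non-zero count in data that should be plain text is the
 * signal an input validator or detection rule alerts on. A trailing lone
 * '%' is counted: it is still an incomplete directive. */
fmt_scan_t scan_format_directives(const char *s) {
    fmt_scan_t r = {0, 0, false};
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;            /* "%%" prints a literal '%' */
        r.directives++;
        /* optional "N$" positional argument selector */
        const char *q = p;
        while (*q >= '0' && *q <= '9') q++;
        if (*q == '$') { r.positional = true; p = q + 1; }
        /* flags */
        while (*p && strchr("-+ #0'", *p)) p++;
        /* field width: digits, or '*' with an optional "N$" */
        if (*p == '*') {
            p++;
            while (*p >= '0' && *p <= '9') p++;
            if (*p == '$') { r.positional = true; p++; }
        } else {
            while (*p >= '0' && *p <= '9') p++;
        }
        /* precision: same shape, after a '.' */
        if (*p == '.') {
            p++;
            if (*p == '*') {
                p++;
                while (*p >= '0' && *p <= '9') p++;
                if (*p == '$') { r.positional = true; p++; }
            } else {
                while (*p >= '0' && *p <= '9') p++;
            }
        }
        /* length modifiers */
        while (*p && strchr("hlLqjzt", *p)) p++;
        if (*p == 'n') r.writes++;         /* the conversion that writes */
        if (!*p) break;                    /* string ended inside a directive */
    }
    return r;
}

int main(void) {
    /* Constructed sample inputs: a benign escaped percent, two classic
     * probes, and plain text. Only the benign one is fed to the vulnerable
     * path; feeding it the probes is exactly the bug. */
    const char *samples[] = { "100%% complete", "%08x.%08x.%08x.%n", "%7$n", "plain text" };
    char buf[128];
    log_vulnerable(buf, sizeof buf, samples[0]);
    printf("vulnerable path turns \"%s\" into \"%s\"\n", samples[0], buf);
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        fmt_scan_t r = scan_format_directives(samples[i]);
        log_hardened(buf, sizeof buf, samples[i]);
        printf("%-20s directives=%d writes=%d positional=%d\n",
               buf, r.directives, r.writes, r.positional);
    }
    return 0;
}
```

The compiler is the cheapest check for this bug class: building with `-Wformat -Wformat-security` (or `-Werror=format-security`) surfaces every call like `log_vulnerable` where the format is not a string literal. The scanner is the runtime complement for text that crosses a trust boundary: `%n` and positional `%N$` selectors have no business in a username or a hostname, and their presence in a request to a management interface is worth an alert on its own.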