Multiple authenticated SQL injection via extraParam
CVSSv3 Score: 6.8
An improper neutralization of special elements used in an SQL command ('SQL injection') in FortiVoice may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted requests.
Revised on 2025-12-09 00:00:00
Multiple authenticated OS Command Injections via API
CVSSv3 Score: 6.7
An OS command injection vulnerability in FortiExtender API may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request.
Revised on 2025-12-09 00:00:00
Multiple Fortinet Products’ FortiCloud SSO Login Authentication Bypass
CVSSv3 Score: 9.1
An Improper Verification of Cryptographic Signature vulnerability in FortiOS, FortiWeb, FortiProxy and FortiSwitchManager may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message, if that feature is enabled on the device. Please note that the FortiCloud SSO login feature is not enabled in default factory settings. However, when an...
Missing authorization on log access
CVSSv3 Score: 2.6
A Direct Request ('Forced Browsing') vulnerability in FortiAuthenticator logs may allow an authenticated attacker with at least sponsor permissions to read and download device logs via accessing specific endpoints.
Revised on 2025-12-09 00:00:00
Insufficient Session Expiration in SSLVPN
CVSSv3 Score: 5.3
An Insufficient Session Expiration vulnerability in FortiOS SSLVPN may allow an attacker to maintain access to network resources via an active session that is not terminated after a user's password change, under particular conditions outside of the attacker's control.
Revised on 2025-12-09 00:00:00
Insertion of sensitive information into REST API logs
CVSSv3 Score: 6.3
An insertion of sensitive information into log file vulnerability in FortiOS, FortiProxy, FortiPAM and FortiSRA may allow a read-only administrator to retrieve API tokens of other administrators via observing REST API logs, if REST API logging is enabled (non-default configuration).
Revised on 2025-12-09 00:00:00
Incorrect authorization in multi-vdom environment
CVSSv3 Score: 6.4
An Incorrect Authorization vulnerability in FortiPortal may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests.
Revised on 2025-12-09 00:00:00
Current password requirement bypass for self password change
CVSSv3 Score: 6.5
An Unverified Password Change vulnerability in FortiSOAR may allow an attacker who has gained access to a victim's user account to reset the account credentials without being prompted for the account's current password.
Revised on 2025-12-09 00:00:00
Capacity to use password hashes instead of password for authentication
CVSSv3 Score: 4.4
A use of password hash instead of password for authentication vulnerability in FortiWeb may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests.
Revised on 2025-12-09 00:00:00
Capacity to forge authentication cookies
CVSSv3 Score: 7.1
A reliance on cookies without validation or integrity checking vulnerability in FortiWeb may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS requests carrying forged cookies; this requires knowledge of the FortiWeb serial number. FortiAppSec Cloud is NOT impacted by this vulnerability.
Revised on 2025-12-09 00:00:00...