Vulnerabilites related to Fortinet, Inc. - Fortinet FortiWeb
cve-2017-7737
Vulnerability from cvelistv5
Published
2017-08-10 21:00
Modified
2024-10-25 14:13
Severity ?
EPSS score ?
Summary
An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/advisory/FG-IR-17-162 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/100205 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiWeb |
Version: FortiWeb 5.8.2 and below versions. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:28.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-17-162"
},
{
"name": "100205",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100205"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-7737",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:00:44.671952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:13:01.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiWeb",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiWeb 5.8.2 and below versions."
}
]
}
],
"datePublic": "2017-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-11T09:57:01",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-17-162"
},
{
"name": "100205",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100205"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-7737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiWeb",
"version": {
"version_data": [
{
"version_value": "FortiWeb 5.8.2 and below versions."
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and below versions allows logged-in admin user to view SNMPv3 user password in cleartext in webui via the HTML source code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-17-162",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-17-162"
},
{
"name": "100205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100205"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-7737",
"datePublished": "2017-08-10T21:00:00Z",
"dateReserved": "2017-04-12T00:00:00",
"dateUpdated": "2024-10-25T14:13:01.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-7736
Vulnerability from cvelistv5
Published
2017-11-22 17:00
Modified
2024-10-25 14:10
Severity ?
EPSS score ?
Summary
A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/advisory/FG-IR-17-131 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101916 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiWeb |
Version: FortiWeb 5.8.0, 5.7.1 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:28.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-17-131"
},
{
"name": "101916",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101916"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-7736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:00:27.002536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:10:30.990Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiWeb",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiWeb 5.8.0, 5.7.1 and earlier"
}
]
}
],
"datePublic": "2017-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-23T10:57:01",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-17-131"
},
{
"name": "101916",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101916"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"DATE_PUBLIC": "2017-11-17T00:00:00",
"ID": "CVE-2017-7736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiWeb",
"version": {
"version_data": [
{
"version_value": "FortiWeb 5.8.0, 5.7.1 and earlier"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-17-131",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-17-131"
},
{
"name": "101916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101916"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-7736",
"datePublished": "2017-11-22T17:00:00Z",
"dateReserved": "2017-04-12T00:00:00",
"dateUpdated": "2024-10-25T14:10:30.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-3129
Vulnerability from cvelistv5
Published
2017-05-26 22:00
Modified
2024-10-25 14:13
Severity ?
EPSS score ?
Summary
A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fortiguard.com/psirt/FG-IR-17-076 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/98382 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Fortinet, Inc. | Fortinet FortiWeb |
Version: FortiWeb versions 5.7.1 and below |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-076"
},
{
"name": "98382",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98382"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3129",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:00:51.062307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:13:52.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiWeb",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiWeb versions 5.7.1 and below"
}
]
}
],
"datePublic": "2017-04-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-29T09:57:01",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-076"
},
{
"name": "98382",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98382"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-3129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiWeb",
"version": {
"version_data": [
{
"version_value": "FortiWeb versions 5.7.1 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7.1 and below allows attacker to execute unauthorized code or commands via an improperly sanitized POST parameter in the FortiWeb Site Publisher feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-076",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-076"
},
{
"name": "98382",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98382"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-3129",
"datePublished": "2017-05-26T22:00:00",
"dateReserved": "2016-12-02T00:00:00",
"dateUpdated": "2024-10-25T14:13:52.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}