Every CVE whose affected-product data names Fortinet Fortiportal, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (45)
CVE-2021-32590 — CVSS 9.9 (critical): Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0…
CVE-2021-32588 — CVSS 9.8 (critical): A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3.5 and below, 6.0.4 and below, versions…
CVE-2017-7342 — CVSS 9.8 (critical): A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized…
CVE-2017-7337 — CVSS 9.1 (critical): An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized…
CVE-2023-48791 — CVSS 8.8 (high): An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0…
CVE-2025-24470 — CVSS 8.6 (high): An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through…
CVE-2021-32589 — CVSS 8.1 (high): A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10…
CVE-2021-36171 — CVSS 8.1 (high): The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a…
CVE-2021-26104 — CVSS 7.8 (high): Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and…
CVE-2017-7338 — CVSS 7.5 (high): A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure…
CVE-2024-23105 — CVSS 7.5 (high): A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1…
CVE-2017-7731 — CVSS 7.5 (high): A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure…
CVE-2023-46712 — CVSS 7.2 (high): A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows…
CVE-2022-41336 — CVSS 6.8 (medium): An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all…
CVE-2025-54838 — CVSS 6.8 (medium): An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a…
CVE-2023-41842 — CVSS 6.7 (medium): A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute…
CVE-2021-42757 — CVSS 6.7 (medium): A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated…
CVE-2021-32595 — CVSS 6.5 (medium): Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single…
CVE-2021-36168 — CVSS 6.5 (medium): A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal…
CVE-2026-49938 — CVSS 6.5 (medium): A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all…
CVE-2017-7340 — CVSS 6.1 (medium): A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or…
CVE-2021-36176 — CVSS 6.1 (medium): Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single…
CVE-2017-7343 — CVSS 6.1 (medium): An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url…
CVE-2017-7339 — CVSS 6.1 (medium): A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or…
CVE-2024-40593 — CVSS 6.0 (medium): A key management errors vulnerability in Fortinet FortiAnalyzer 7.4.0 through 7.4.2, FortiAnalyzer 7.2.0 through 7.2.5, FortiAnalyzer 7.0…
CVE-2021-32596 — CVSS 6.0 (medium): A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow…
CVE-2021-32602 — CVSS 5.8 (medium): An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI 6.0.4 and below, 5.3.6 and below…
CVE-2023-47543 — CVSS 5.4 (medium): An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an…
CVE-2021-32594 — CVSS 5.4 (medium): An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through…
CVE-2022-27490 — CVSS 5.4 (medium): A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version…
CVE-2023-48783 — CVSS 5.4 (medium): An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6…
CVE-2024-26011 — CVSS 5.3 (medium): A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through…
CVE-2024-40590 — CVSS 4.8 (medium): An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below…
CVE-2023-48789 — CVSS 4.3 (medium): A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access…
CVE-2024-31495 — CVSS 4.3 (medium): A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.0.0 through 7.0.6…
CVE-2024-35278 — CVSS 4.3 (medium): A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0…
CVE-2022-43954 — CVSS 4.3 (medium): An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may…
CVE-2024-45329 — CVSS 4.3 (medium): A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0…
CVE-2021-36172 — CVSS 4.3 (medium): An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow…
CVE-2024-21761 — CVSS 4.3 (medium): An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to…
CVE-2021-36174 — CVSS 4.3 (medium): A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an…
CVE-2024-21759 — CVSS 4.3 (medium): An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker…
CVE-2024-52967 — CVSS 3.5 (low): An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows…
CVE-2021-36181 — CVSS 3.1 (low): A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database…
CVE-2025-46777 — CVSS 2.3 (low): A insertion of sensitive information into log file in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0…