PSIRT Advisories
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT issue with Fortinet, please see our PSIRT Policy.
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the command line interprete...
FortiWeb
7.0.3, 7.0.2, 7.0.1, 7.0.0
FortiADC
7.1.1, 7.1.0, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.6, 6.1.5, 6.1.4, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0
Apr 11, 2023
Multiple stack-based buffer overflow vulnerabilities [CWE-121] in FortiWeb's proxy daemon may allow an unauthenticated re...
FortiWeb
6.4.2, 6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.9.1, 5.9.0, 5.8.7, 5.8.6, 5.8.5, 5.8.3, 5.8.2, 5.8.1, 5.8.0, 5.7.3, 5.7.2, 5.7.1, 5.7.0, 5.6.2, 5.6.1, 5.6.0
Feb 16, 2023
Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface may allow an authenticated atta...
FortiWLM
8.6.2, 8.6.1, 8.6.0, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.2, 8.4.1, 8.4.0, 8.3.2, 8.3.1, 8.3.0, 8.2.2
Mar 01, 2022
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiWL...
FortiWLM
8.6.2, 8.6.1, 8.6.0, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.2, 8.4.1, 8.4.0, 8.3.2, 8.3.1, 8.3.0, 8.2.2
Dec 07, 2021
An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in FortiWLM...
FortiWLM
8.6.1, 8.6.0, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.2, 8.4.1, 8.4.0, 8.3.2, 8.3.1, 8.3.0, 8.2.2
Dec 07, 2021
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWeb may allow an unauthenti...
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb may allow an authenticated attacker to execute unauthori...
An improper access control vulnerability [CWE-284] in the Report Browse section of FortiWeb's Log & Report may allow an un...
FortiWeb
6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0
Dec 07, 2021
An information disclosure vulnerability in FortiWeb's Web Vulnerability Scan profile may allow a remote authenticated atta...
An improper neutralization of input during web page generation in FortiWeb GUI interface may allow an unauthenticated, rem...
FortiWeb
6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Feb 03, 2021
An information exposure vulnerability in FortiWeb CLI may allow an authenticated user to view sensitive information being ...
An improper neutralization of input vulnerability in the Anomaly Detection interface of FortiWeb may allow a remote unauth...
The URL part of the report message is not encoded in Fortinet FortiWeb which may allow an attacker to execute unauthorized...
FortiSwitch is vulnerable to multiple Cross-site Scripting (XSS) attacks present in the jQuery JavaScript library: CVE-2015-...
FortiMail
6.0.0, 5.4.5
FortiSIEM
5.2.8
FortiClientWindows
6.0.0
FortiSwitch
6.0.2, 6.0.1, 3.6.8
FortiAP
5.6.3
FortiWeb
6.0.1
FortiOS
6.0.1
FortiPortal
4.2.2
FortiManager
5.6.3
FortiAP-S
5.6.2
FortiAP-W2
5.6.2
Apr 10, 2019
The OpenSSL project released an advisory on Jan 26th, 2017, describing 3 Moderate, 1 Low severity vulnerabilities, as list...
FortiWeb
5.7.0
FortiVoiceEnterprise
5.3.4
FortiDB
5.1.11
FortiClientMac
5.4.2
FortiClientEMS
1.0.3
FortiClientAndroid
5.4.0
FortiSandbox
2.3.3
FortiAnalyzer
5.4.2, 5.2.10
FortiMail
5.3.8, 5.2.9
FortiSwitch
3.5.0
FortiDDoS
4.3.0
FortiClientiOS
5.4.3
AscenLink
7.2.18
FortiTester
2.8.0
FortiTokenAndroid
3.0.4
FortiADC
4.7.1
FortiWAN
4.3.1
FortiClientWindows
5.4.2
FortiOS
5.4.5, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.12, 5.2.11, 5.2.10, 5.2.1, 5.2.0, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.14, 5.0.13, 5.0.12, 5.0.11, 5.0.10, 5.0.1, 5.0.0
FortiVoice
5.2.2
FortiCache
4.1.5, 0.4.20
FortiManager
5.4.2, 5.2.10
FSSO (all dist.)
5.0.254
FortiRecorder
2.5.1, 2.4.3
FortiAP
5.4.1
SSL_VPN
4.0.2328
FortiTokenIOS
3.0.5
Jul 13, 2018