- Filter by Date
- 2022
- 11 03-2022
- 2022
- Filter by Severity
-
Filter by Affected Product
- All
- 3 FortiWLM
- 2 FortiManager
- 2 FortiMail
- 1 FortiAnalyzer
- 1 FortiPortal
- 1 FortiAP-C
- 1 FortiTokenAndroid
- 0 FortiOS
- 0 FortiProxy
- 0 FortiSandbox
- 0 FortiWeb
- 0 FortiADC
- 0 FortiClientWindows
- 0 FortiAuthenticator
- 0 FortiWAN
- 0 FortiNAC
- 0 FortiSIEM
- 0 FortiClientEMS
- 0 FortiWLC
- 0 FortiAP
- 0 FortiClientMac
- 0 FortiAP-W2
- 0 FortiSOAR
- 0 FortiSwitch
- 0 FortiTester
- 0 FortiRecorder
- 0 FortiVoiceEnterprise
- 0 FortiAP-S
- 0 FortiAP-U
- 0 FortiDeceptor
- 0 AscenLink
- 0 FortiClientLinux
- 0 FortiDB
- 0 FortiDDoS
- 0 FortiEDR
- 0 Meru AP
- 0 FortiCache
- 0 FortiExtender
- 0 FortiADCManager
- 0 FortiIsolator
- 0 FortiSIEMWindowsAgent
- 0 FortiSwitchManager
- 0 FortiTokenIOS
- 0 FortiWAN-Manager
- 0 FSSO Windows CA
- 0 FortiClientAndroid
- 0 FortiClientiOS
- 0 FortiDDoS-CM
- 0 FortiOS-6K7K
- 0 FortiWebManager
- 0 Meru Controller
- 0 SSL_VPN
- 0 AV Engine
- 0 FSSO (all dist.)
- 0 FSSO Windows DC Agent
- 0 FortiAnalyzer-BigData
- 0 FortiCloud
- 0 FortiDDoS-F
- 0 FortiExplorer Windows
- 0 FortiFone
- 0 FortiGuard
- 0 FortiNDR
- 0 FortiPresence
- 0 FortiSDNConnector
- 0 FortiTokenMobileWP
- 0 FortiVoice
All
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
- 2023: May , Apr , Mar , Feb , Jan
- 2022: Dec , Nov , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb
- 2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-C console may allow...
FortiAP-C
5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.2.1, 5.2.0
Mar 01, 2022
Severity
High
IR Number: FG-IR-21-227
CVE-2022-22301
An improper handling of insufficient permissions or privileges vulnerability [CWE-280] in FortiAnalyzer and FortiManager m...
FortiManager
7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
FortiAnalyzer
7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
Mar 01, 2022
Severity
Low
IR Number: FG-IR-21-255
CVE-2022-22300
An improper authentication vulnerability [CWE-287] in FortiMail may allow a remote attacker to efficiently guess one admin...
FortiMail
7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0
Mar 01, 2022
Severity
Critical
IR Number: FG-IR-21-028
CVE-2021-36166
An improper input validation (CWE-20) vulnerability in the web server CGI facilities of FortiMail may allow an unauthenti...
FortiMail
7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.12, 5.4.11, 5.4.10, 5.4.1, 5.4.0
Mar 01, 2022
Severity
High
IR Number: FG-IR-21-008
CVE-2021-32586
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager may ...
FortiManager
7.0.2, 7.0.1, 7.0.0, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1, 6.2.0
Mar 01, 2022
Severity
Low
IR Number: FG-IR-21-165
CVE-2022-22303
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiOS may allow a privileged at...
Mar 01, 2022
Severity
Low
IR Number: FG-IR-20-091
CVE-2020-15936
Low
IR Number: FG-IR-20-091
CVE-2020-15936
The use of a cryptographically weak pseudo-random number generator (CWE-338) in the password reset feature of FortiPortal ...
FortiPortal
6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.1.0, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0
Mar 01, 2022
Severity
High
IR Number: FG-IR-21-099
CVE-2021-36171
An improper access control vulnerability [CWE-284 ] in FortiToken Mobile (Android) external push notification may allow a ...
FortiTokenAndroid
5.1.0, 5.0.3, 5.0.2, 4.5.0, 4.4.0, 4.3.0, 4.2.2, 4.2.1, 4.1.1, 4.0.1, 4.0.0
Mar 01, 2022
Severity
Low
IR Number: FG-IR-21-210
CVE-2021-44166
Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface may allow an authenticated atta...
FortiWLM
8.6.2, 8.6.1, 8.6.0, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.2, 8.4.1, 8.4.0, 8.3.2, 8.3.1, 8.3.0, 8.2.2
Mar 01, 2022
Severity
Medium
IR Number: FG-IR-21-106
CVE-2021-43070
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWLM...
FortiWLM
8.6.2, 8.6.1, 8.6.0, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.2, 8.4.1, 8.4.0, 8.3.2, 8.3.1, 8.3.0, 8.2.2
Mar 01, 2022
Severity
High
IR Number: FG-IR-21-189
CVE-2021-43077
An improper neutralization of special elements used in an OS command ('OS Command Injection') [CWE-78] vulnerability in Fo...
FortiWLM
8.6.2, 8.6.1, 8.6.0, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.2, 8.4.1, 8.4.0, 8.3.2, 8.3.1, 8.3.0, 8.2.2
Mar 01, 2022
Severity
High
IR Number: FG-IR-21-128
CVE-2021-43075