- Filter by Date
- 2022
- 2021
- 2020
- 2019
- 2018
- 2017
- 2016
- 2015
- 2014
- 2013
- 2012
- Filter by Severity
-
Filter by Affected Product
- All
- 69 FortiOS
- 38 FortiWeb
- 33 FortiManager
- 27 FortiAnalyzer
- 20 FortiProxy
- 19 FortiMail
- 18 FortiPortal
- 17 FortiSandbox
- 13 FortiClientWindows
- 11 FortiAuthenticator
May
(9)
Refine Search
PSIRT Advisories
Monthly PSIRT Advisories
- 2022: May , Apr , Mar , Feb
- 2021: Dec , Nov , Oct , Sep , Aug , Jul , Jun , May , Apr , Mar , Feb , Jan
- 2020: Dec
The following is a list of advisories for issues resolved in Fortinet products. The resolution of such issues is coordinated by the Fortinet Product Security Incident Response Team (PSIRT), a dedicated, global team that manages the receipt, investigation, and public reporting of information about security vulnerabilities and issues related to Fortinet products and services.
For details of how to raise a PSIRT Issue with Fortinet, please see our PSIRT Policy here.
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWeb may allow an unauthentic...
Multiple improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] in FortiWeb may all...
FortiWeb
6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Dec 07, 2021
Severity
Medium
IR Number: FG-IR-21-118
CVE-2021-36188
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWeb may allow an unauthentic...
FortiWeb
6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Dec 07, 2021
Severity
Medium
IR Number: FG-IR-21-122
CVE-2021-43063
A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb may allow an authenticated attacker to execute unauthori...
Multiple stack-based buffer overflows [CWE-121] in the API controllers of FortiWeb may allow an authenticated attacker to ...
FortiWeb
6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0
Dec 07, 2021
Severity
High
IR Number: FG-IR-21-152
CVE-2021-36194
An improper access control vulnerability [CWE-284] in the Report Browse section of FortiWeb's Log & Report may allow an un...
FortiWeb
6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0
Dec 07, 2021
Severity
Medium
IR Number: FG-IR-21-138
CVE-2021-41013
A heap-based buffer overflow [CWE-122] vulnerability in FortiWeb may allow an authenticated attacker to execute arbitrary ...
FortiWeb
6.4.1, 6.4.0, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.1, 6.3.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0
Dec 07, 2021
Severity
High
IR Number: FG-IR-21-188
CVE-2021-43071
An improper sanitization of commands elements (OS Command Injection) vulnerability [CWE-78] in Meru AP may allow an authen...
Meru AP
8.6.1, 8.6.0, 8.5.5, 8.5.4, 8.5.3, 8.5.2, 8.5.1, 8.5.0
Dec 07, 2021
Severity
Medium
IR Number: FG-IR-21-004
CVE-2021-42759
An unsafe search path vulnerability in FortiClient and FortiClient EMS may allow an attacker to perform a DLL Hijack atta...
FortiClientWindows
7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.10, 6.0.1, 6.0.0
FortiClientEMS
7.0.0, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Nov 29, 2021
Severity
High
IR Number: FG-IR-21-088
CVE-2021-32592
An improper neutralization of input during web page generation [CWE-79] in FortiAnalyzer may allow an attacker to perform ...
FortiAnalyzer
6.4.4, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Nov 02, 2021
Severity
Medium
IR Number: FG-IR-20-092
CVE-2020-12814
An improper control of generation of code vulnerability [CWE-94] in FortiClient for MacOS may allow an authenticated attac...
FortiClientMac
7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0
Nov 02, 2021
Severity
Low
IR Number: FG-IR-21-079
CVE-2021-42754
An improper authorization vulnerability [CWE-285] in FortiClient for Windows may allow a local unprivileged attacker to es...
FortiClientWindows
7.0.1, 7.0.0, 6.4.2, 6.4.1, 6.4.0
Nov 02, 2021
Severity
High
IR Number: FG-IR-20-079
CVE-2021-36183
An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS may allow a remote authenticated attacker to ...
FortiClientEMS
6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.8, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
Nov 02, 2021
Severity
Medium
IR Number: FG-IR-20-067
CVE-2020-15940
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager may allow a FortiGat...
FortiManager
7.0.1, 7.0.0, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0, 5.6.9, 5.6.8, 5.6.7, 5.6.6, 5.6.5, 5.6.4, 5.6.3, 5.6.2, 5.6.11, 5.6.10, 5.6.1, 5.6.0
Nov 02, 2021
Severity
Medium
IR Number: FG-IR-21-103
CVE-2021-36192
An improper access control vulnerability [CWE-284] in FortiManager may allow an authenticated attacker with a restricted u...