Fortinet FortiProxy 2.0.3

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:fortinet:fortiproxy:2.0.3:*:*:*:*:*:*:*

part: a version: 2.0.3 update: *

VendorFortinet (2b06c5e0-0a17-54f4-810a-5ef236d51947)
ProductFortiproxy (e11e5361-2582-5bee-af8e-604c3136a1e6)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-54822 vulnerable 2026-06-03 15:04:56.952514 Details available
MEDIUM (4.2)
An improper authorization vulnerability [CWE-285] vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.8, FortiOS 7.0.0 through 7.0.11, FortiProxy 7.4.0 through 7.4.8, FortiProxy 7.2 all versions, FortiProxy 7.0 all versions, FortiProxy 2.0 all versions allows an authenticated attacker to access static files of others VDOMs via crafted HTTP or HTTPS requests.
Published: 2025-10-14T15:23:47.676Z
Updated: 2026-01-14T09:19:22.354Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-50571 vulnerable 2026-06-03 14:57:25.076806 Details available
MEDIUM (6.5)
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer 7.2.0 through 7.2.9, FortiAnalyzer 7.0.0 through 7.0.13, FortiAnalyzer 6.4 all versions, FortiAnalyzer 6.2 all versions, FortiAnalyzer 6.0 all versions, FortiAnalyzer Cloud 7.4.1 through 7.4.5, FortiAnalyzer Cloud 7.2.1 through 7.2.9, FortiAnalyzer Cloud 7.0.1 through 7.0.13, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.0 through 7.2.9, FortiManager 7.0.0 through 7.0.13, FortiManager 6.4 all versions, FortiManager 6.2 all versions, FortiManager 6.0 all versions, FortiManager Cloud 7.6.2, FortiManager Cloud 7.4.1 through 7.4.5, FortiManager Cloud 7.2.1 through 7.2.9, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4 all versions, FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiProxy 7.2.0 through 7.2.12, FortiProxy 7.0.0 through 7.0.19, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions allows attacker to execute unauthorized code or commands via specifically crafted requests.
Published: 2025-10-14T15:23:00.197Z
Updated: 2026-02-26T17:47:33.787Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-48884 vulnerable 2026-06-03 14:57:10.812733 Details available
HIGH (7.1)
A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.1 through 7.4.3, FortiManager Cloud 7.4.1 through 7.4.3, FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.4, FortiOS 7.2.0 through 7.2.9, FortiOS 7.0.0 through 7.0.15, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, FortiProxy 7.2.0 through 7.2.11, FortiProxy 7.0.0 through 7.0.18, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions may allow a remote authenticated attacker with access to the security fabric interface and port to write arbitrary files or a remote unauthenticated attacker to delete an arbitrary folder
Published: 2025-01-14T14:09:26.476Z
Updated: 2026-01-14T12:52:51.256Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-26008 vulnerable 2026-06-03 14:55:14.542816 Details available
MEDIUM (5)
An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS version 7.4.0 through 7.4.3 and before 7.2.7, FortiProxy version 7.4.0 through 7.4.3 and before 7.2.9, FortiPAM before 1.2.0 and FortiSwitchManager version 7.2.0 through 7.2.3 and version 7.0.0 through 7.0.3 fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests.
Published: 2025-10-14T15:23:04.753Z
Updated: 2026-01-14T09:19:16.291Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-40721 vulnerable 2026-06-03 14:52:50.574140 Details available
MEDIUM (6.3)
A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute arbitrary code or commands via specially crafted requests.
Published: 2025-02-11T16:09:06.077Z
Updated: 2026-01-14T14:15:37.909Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-29175 vulnerable 2026-06-03 14:51:40.074078 Details available
MEDIUM (4.4)
An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard's map server.
Published: 2023-06-13T08:41:48.433Z
Updated: 2026-01-14T13:45:58.122Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-23439 vulnerable 2026-06-03 14:46:27.415710 Details available
MEDIUM (4.1)
A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver
Published: 2025-01-22T09:10:28.669Z
Updated: 2026-01-14T13:06:07.365Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.