Fortideceptor Fortinet Fortideceptor

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Fortinet Fortideceptor.

By the Year

In 2025 there have been 2 vulnerabilities in Fortinet Fortideceptor with an average score of 5.2 out of ten. Fortideceptor did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2025 as compared to last year.

Year Vulnerabilities Average Score
2025 2 5.20
2024 0 0.00
2023 2 7.05
2022 3 7.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Fortideceptor vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Fortinet Fortideceptor Security Vulnerabilities

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may

CVE-2024-35280 6.1 - Medium - January 15, 2025

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints

XSS

An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may

CVE-2024-45326 4.3 - Medium - January 14, 2025

An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests.

Authorization

A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3

CVE-2022-27487 8.8 - High - April 11, 2023

A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests.

Improper Privilege Management

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before

CVE-2023-26209 5.3 - Medium - March 09, 2023

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.

Improper Restriction of Excessive Authentication Attempts

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may

CVE-2022-30305 7.5 - High - December 06, 2022

An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may

CVE-2022-38373 5.4 - Medium - November 02, 2022

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID.

XSS

Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may

CVE-2022-30302 8.1 - High - July 19, 2022

Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests.

Directory traversal

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Fortinet Fortideceptor or by Fortinet? Click the Watch button to subscribe.

Fortinet
Vendor

subscribe