Filtered by vendor Fortinet
Subscriptions
Filtered by product Fortianalyzer
Subscriptions
Total
58 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12814 | 1 Fortinet | 1 Fortianalyzer | 2024-11-21 | 4.1 Medium |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI. | ||||
| CVE-2020-12811 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 6.1 Medium |
| An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field. | ||||
| CVE-2019-17657 | 1 Fortinet | 5 Fortianalyzer, Fortiap-s, Fortiap-w2 and 2 more | 2024-11-21 | 7.5 High |
| An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. | ||||
| CVE-2018-1355 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | N/A |
| An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs. | ||||
| CVE-2018-1354 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | N/A |
| An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. | ||||
| CVE-2018-13375 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | N/A |
| An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled). | ||||
| CVE-2015-7363 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Firmware, Fortimanager and 1 more | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. | ||||
| CVE-2024-23666 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-13 | 7.1 High |
| A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests. | ||||
| CVE-2024-32116 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-13 | 4.8 Medium |
| Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests. | ||||
| CVE-2023-44255 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-13 | 3.9 Low |
| An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests. | ||||
| CVE-2024-32118 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-13 | 6.3 Medium |
| Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. | ||||
| CVE-2024-32117 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-13 | 4.7 Medium |
| An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests. | ||||
| CVE-2024-35274 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-13 | 2.2 Low |
| An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests. | ||||
| CVE-2024-31496 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-13 | 6.3 Medium |
| A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests. | ||||
| CVE-2024-33505 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-13 | 5.3 Medium |
| A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests | ||||
| CVE-2024-45330 | 1 Fortinet | 2 Fortianalyzer, Fortianalyzer Cloud | 2024-10-19 | 6.8 Medium |
| A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests. | ||||
| CVE-2023-44254 | 1 Fortinet | 3 Fortianalyzer, Fortianalyzer-bigdata, Fortimanager | 2024-09-25 | 4.7 Medium |
| An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request. | ||||
| CVE-2024-21757 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-08-22 | 5.5 Medium |
| A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup. | ||||