Vulnerabilities > Fortinet > Fortianalyzer BIG Data > 7.2.7

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-31496 Out-of-bounds Write vulnerability in Fortinet Fortianalyzer, Fortianalyzer BIG Data and Fortimanager
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests.
local
low complexity
fortinet CWE-787
6.7
2024-11-12 CVE-2024-32116 Path Traversal vulnerability in Fortinet Fortianalyzer, Fortianalyzer BIG Data and Fortimanager
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
local
low complexity
fortinet CWE-22
6.0
2024-11-12 CVE-2024-32117 Path Traversal vulnerability in Fortinet Fortianalyzer, Fortianalyzer BIG Data and Fortimanager
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests.
network
low complexity
fortinet CWE-22
4.9
2024-11-12 CVE-2024-32118 OS Command Injection vulnerability in Fortinet Fortianalyzer, Fortianalyzer BIG Data and Fortimanager
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.
local
low complexity
fortinet CWE-78
6.7
2024-11-12 CVE-2024-35274 Path Traversal vulnerability in Fortinet Fortianalyzer
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests.
local
low complexity
fortinet CWE-22
2.3