Vulnerabilities > Fortinet > Fortianalyzer > 4.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-06 | CVE-2021-36170 | Insufficiently Protected Credentials vulnerability in Fortinet Fortianalyzer An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext. | 2.1 |
| 2021-08-06 | CVE-2021-32597 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters. | 3.5 |
| 2020-09-24 | CVE-2020-12815 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. | 3.5 |
| 2020-06-16 | CVE-2020-9289 | Use of Hard-coded Credentials vulnerability in Fortinet Fortimanager Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. | 7.5 |
| 2020-06-04 | CVE-2020-6640 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area. | 3.5 |
| 2020-04-07 | CVE-2019-17657 | Resource Exhaustion vulnerability in Fortinet products An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. | 5.0 |
| 2019-05-28 | CVE-2018-13375 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. | 4.3 |
| 2018-06-27 | CVE-2018-1355 | Open Redirect vulnerability in Fortinet Fortianalyzer and Fortimanager An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. | 5.8 |
| 2018-06-27 | CVE-2018-1354 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortianalyzer and Fortimanager An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. | 4.0 |