Vulnerabilities > Fortinet > Fortianalyzer > 6.4.13
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-03-12 | CVE-2023-41842 | Use of Externally-Controlled Format String vulnerability in Fortinet products A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments. | 6.7 |
2024-02-15 | CVE-2023-44253 | Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests. | 5.0 |
2023-10-20 | CVE-2023-44256 | Server-Side Request Forgery (SSRF) vulnerability in Fortinet Fortianalyzer and Fortimanager A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request. | 6.5 |
2023-10-10 | CVE-2023-42782 | Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortianalyzer A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number. | 5.3 |
2023-10-10 | CVE-2023-42787 | Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution. | 6.5 |
2023-10-10 | CVE-2023-44249 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortianalyzer and Fortimanager An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. | 6.5 |
2023-04-11 | CVE-2022-42477 | Improper Input Validation vulnerability in Fortinet Fortianalyzer An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries. | 5.5 |
2023-03-07 | CVE-2023-25611 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Fortianalyzer A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names. | 7.3 |