Vulnerabilities > Fortinet > Fortianalyzer > 6.4.13

DATE CVE VULNERABILITY TITLE RISK
2023-04-11 CVE-2022-42477 Improper Input Validation vulnerability in Fortinet Fortianalyzer
An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, and 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries.
local
low complexity
fortinet CWE-20
5.5
2023-03-07 CVE-2023-25611 Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Fortianalyzer
An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands by inserting spreadsheet formulas in macro names.
local
low complexity
fortinet CWE-1236
7.3
2021-08-05 CVE-2021-32598 HTTP Request Smuggling vulnerability in Fortinet Fortianalyzer
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability in FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.
network
low complexity
fortinet CWE-444
4.3