Vulnerabilities > Fortinet > Fortianalyzer > 6.4.8

DATE CVE VULNERABILITY TITLE RISK
2023-02-16 CVE-2022-30304 Cross-site Scripting vulnerability in Fortinet Fortianalyzer
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer.
network
low complexity
fortinet CWE-79
6.1
2022-11-25 CVE-2022-38377 Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.
network
low complexity
fortinet
2.7
2022-11-02 CVE-2022-39950 Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4.
network
low complexity
fortinet CWE-79
5.4
2022-10-10 CVE-2022-26121 Exposure of Resource to Wrong Sphere vulnerability in Fortinet Fortianalyzer and Fortimanager
An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path.
network
low complexity
fortinet CWE-668
5.3
2022-07-18 CVE-2022-26118 Improper Privilege Management vulnerability in Fortinet Fortianalyzer and Fortimanager
A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system.
local
low complexity
fortinet CWE-269
6.7
2021-08-05 CVE-2021-32598 HTTP Request Smuggling vulnerability in Fortinet Fortianalyzer
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.
network
low complexity
fortinet CWE-444
4.3