Vulnerabilities > Fortinet > Fortianalyzer > 7.0.0

DATE CVE VULNERABILITY TITLE RISK
2023-04-11 CVE-2023-22642 Improper Certificate Validation vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources.
network
high complexity
fortinet CWE-295
8.1
2023-03-07 CVE-2023-23776 Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortianalyzer
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer
network
high complexity
fortinet CWE-312
3.1
2023-03-07 CVE-2023-25611 Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet Fortianalyzer
A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names.
local
low complexity
fortinet CWE-1236
7.3
2023-02-16 CVE-2022-30304 Cross-site Scripting vulnerability in Fortinet Fortianalyzer
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer.
network
low complexity
fortinet CWE-79
6.1
2022-11-02 CVE-2022-39950 Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4.
network
low complexity
fortinet CWE-79
5.4
2022-07-18 CVE-2022-26118 Improper Privilege Management vulnerability in Fortinet Fortianalyzer and Fortimanager
A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system.
local
low complexity
fortinet CWE-269
6.7
2021-12-08 CVE-2021-42757 Out-of-bounds Write vulnerability in Fortinet products
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
local
low complexity
fortinet CWE-787
6.7
2021-10-06 CVE-2021-36170 Insufficiently Protected Credentials vulnerability in Fortinet Fortianalyzer and Fortimanager
An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.
local
low complexity
fortinet CWE-522
3.2
2021-08-06 CVE-2021-32587 Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.
network
low complexity
fortinet
4.3
2021-08-06 CVE-2021-32597 Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager
Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters.
network
low complexity
fortinet CWE-79
5.4