Vulnerabilities > Fortinet > Fortianalyzer

DATE CVE VULNERABILITY TITLE RISK
2022-03-01 CVE-2022-22300 Improper Handling of Exceptional Conditions vulnerability in Fortinet Fortianalyzer and Fortimanager
A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user.
network
low complexity
fortinet CWE-755
8.8
2021-12-08 CVE-2021-42757 Out-of-bounds Write vulnerability in Fortinet products
A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.
local
low complexity
fortinet CWE-787
6.7
2021-11-02 CVE-2020-12814 Cross-site Scripting vulnerability in Fortinet Fortianalyzer
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI.
network
low complexity
fortinet CWE-79
5.4
2021-10-06 CVE-2021-24021 Cross-site Scripting vulnerability in Fortinet Fortianalyzer
An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks.
network
low complexity
fortinet CWE-79
5.4
2021-10-06 CVE-2021-36170 Insufficiently Protected Credentials vulnerability in Fortinet Fortianalyzer and Fortimanager
An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.
local
low complexity
fortinet CWE-522
3.2
2021-08-06 CVE-2021-32587 Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.
network
low complexity
fortinet
4.3
2021-08-06 CVE-2021-32597 Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager
Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters.
network
low complexity
fortinet CWE-79
5.4
2021-08-05 CVE-2021-32598 HTTP Request Smuggling vulnerability in Fortinet Fortianalyzer
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.
network
low complexity
fortinet CWE-444
4.3
2021-08-05 CVE-2021-32603 Server-Side Request Forgery (SSRF) vulnerability in Fortinet Fortianalyzer and Fortimanager
A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests.
network
low complexity
fortinet CWE-918
6.5
2021-07-20 CVE-2021-24022 Classic Buffer Overflow vulnerability in Fortinet Fortianalyzer and Fortimanager
A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.
local
low complexity
fortinet CWE-120
4.4