Vulnerabilities > Fortinet > Fortianalyzer > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-07 | CVE-2023-23776 | Cleartext Storage of Sensitive Information vulnerability in Fortinet Fortianalyzer An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer | 3.1 |
| 2022-11-25 | CVE-2022-38377 | Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information. | 2.7 |
| 2021-11-02 | CVE-2020-12814 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI. | 3.5 |
| 2021-10-06 | CVE-2021-36170 | Insufficiently Protected Credentials vulnerability in Fortinet Fortianalyzer An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext. | 2.1 |
| 2021-10-06 | CVE-2021-24021 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks. | 3.5 |
| 2021-08-06 | CVE-2021-32597 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters. | 3.5 |
| 2021-07-20 | CVE-2021-24022 | Classic Buffer Overflow vulnerability in Fortinet Fortianalyzer and Fortimanager A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value. | 2.1 |
| 2020-09-24 | CVE-2020-12815 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields. | 3.5 |
| 2020-06-04 | CVE-2020-6640 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area. | 3.5 |
| 2016-10-07 | CVE-2015-7363 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters. | 3.5 |