Vulnerabilities > Fortinet > Fortianalyzer > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2023-44255 Unspecified vulnerability in Fortinet Fortianalyzer
An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.
network
low complexity
fortinet
4.1
2024-11-12 CVE-2024-31496 Out-of-bounds Write vulnerability in Fortinet Fortianalyzer, Fortianalyzer BIG Data and Fortimanager
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests.
local
low complexity
fortinet CWE-787
6.7
2024-11-12 CVE-2024-32116 Path Traversal vulnerability in Fortinet Fortianalyzer, Fortianalyzer BIG Data and Fortimanager
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.
local
low complexity
fortinet CWE-22
6.0
2024-11-12 CVE-2024-32117 Path Traversal vulnerability in Fortinet Fortianalyzer, Fortianalyzer BIG Data and Fortimanager
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests.
network
low complexity
fortinet CWE-22
4.9
2024-11-12 CVE-2024-32118 OS Command Injection vulnerability in Fortinet Fortianalyzer, Fortianalyzer BIG Data and Fortimanager
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.
local
low complexity
fortinet CWE-78
6.7
2024-09-10 CVE-2023-44254 Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortianalyzer and Fortimanager
An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request.
network
low complexity
fortinet CWE-639
6.5
2024-03-12 CVE-2023-41842 Unspecified vulnerability in Fortinet products
A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.
local
low complexity
fortinet
6.7
2024-02-15 CVE-2023-44253 Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests.
network
low complexity
fortinet
5.0
2023-11-14 CVE-2023-40719 Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials.
local
low complexity
fortinet
5.5
2023-10-20 CVE-2023-44256 Server-Side Request Forgery (SSRF) vulnerability in Fortinet Fortianalyzer and Fortimanager
A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request.
network
low complexity
fortinet CWE-918
6.5