Vulnerabilities > Fortinet > Fortimanager Firmware > 5.0.0

DATE CVE VULNERABILITY TITLE RISK
2017-08-22 CVE-2015-3617 Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortimanager Firmware
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.
local
low complexity
fortinet CWE-264
7.8
7.8
2017-08-11 CVE-2015-3616 SQL Injection vulnerability in Fortinet Fortimanager Firmware
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
network
low complexity
fortinet CWE-89
critical
 9.8
9.8
2017-08-11 CVE-2015-3614 Information Exposure vulnerability in Fortinet Fortimanager Firmware
Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability.
network
low complexity
fortinet CWE-200
7.5
7.5
2016-10-07 CVE-2015-7363 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
network
low complexity
fortinet CWE-79
5.4
5.4
2016-08-19 CVE-2016-3195 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
fortinet CWE-79
6.1
6.1
2016-08-19 CVE-2016-3194 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
fortinet CWE-79
6.1
6.1
2016-08-19 CVE-2016-3193 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
fortinet CWE-79
5.4
5.4