Vulnerabilities in Fortinet FortiManager 5.2.1

DATE  CVE  VULNERABILITY TITLE
Each entry gives its description followed by the risk data: attack vector, attack complexity where the source states it, vendor and CWE, severity label where the source states it, and score.
2021-10-06  CVE-2021-36170  Insufficiently Protected Credentials vulnerability in Fortinet FortiAnalyzer and FortiManager
An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read, in cleartext, the FortiCloud credentials that were used to activate the trial license.
Risk: local; low complexity; fortinet CWE-522; 2.1
2021-09-30  CVE-2021-24016  Improper Neutralization of Formula Elements in a CSV File vulnerability in Fortinet FortiManager
An improper neutralization of formula elements in a CSV file in Fortinet FortiManager versions 6.4.3 and below and 6.2.7 and below allows an attacker to execute arbitrary commands via a crafted IPv4 field in a policy name, when the data is exported as an Excel file and opened unsafely on the victim host. The commands run in the spreadsheet application of whoever opens the export, not on the FortiManager appliance: the appliance is the injection point and the administrator's workstation is the target, which is why the network attack vector and the high score sit alongside a requirement for user interaction.
Risk: network; fortinet CWE-1236; critical 9.3
2021-09-30  CVE-2021-24017  Improper Authentication vulnerability in Fortinet FortiManager
An improper authentication in Fortinet FortiManager versions 6.4.3 and below and 6.2.6 and below allows an attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.
Risk: network; low complexity; fortinet CWE-287; 4.0
2021-08-06  CVE-2021-32597  Cross-site Scripting vulnerability in Fortinet FortiAnalyzer and FortiManager
Multiple improper neutralization of input during web page generation (CWE-79) in the FortiManager and FortiAnalyzer user interface, versions 7.0.0, 6.4.5 and below and 6.2.7 and below, may allow a remote authenticated attacker to perform a stored cross-site scripting (XSS) attack by injecting a malicious payload in GET parameters.
Risk: network; fortinet CWE-79; 3.5
2020-06-16  CVE-2020-9289  Use of Hard-coded Credentials vulnerability in Fortinet FortiManager
Use of a hard-coded cryptographic key to encrypt password data in the CLI configuration in FortiManager 6.2.3 and below and FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or to a CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. Because a hard-coded key is the same on every affected unit, the "encrypted" password fields in a leaked configuration or backup from these versions should be treated as exposed plaintext and rotated.
Risk: network; low complexity; fortinet CWE-798; 7.5
2020-04-07  CVE-2019-17657  Resource Exhaustion vulnerability in Fortinet products
An uncontrolled resource consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause a denial of service (DoS) of the admin web UI by sending specially crafted HTTP requests/responses in pieces, slowly, as demonstrated by slow HTTP DoS attacks. The attack needs no credentials and almost no bandwidth: each connection is kept alive by trickling a few bytes at a time, so a modest number of connections ties up every worker the web UI has.
Risk: network; low complexity; fortinet CWE-400; 5.0
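Added example (Python, not Fortinet's code) of the control whose absence the slow-HTTP attack above exploits: a single wall-clock deadline for receiving the whole request header block, instead of an idle timeout that every trickled byte resets. The request bytes, the deadline values and the socketpair drip-feed are constructed for the demonstration; production servers use deadlines of tens of seconds.

```python
"""Added example (not Fortinet code): bounding the time a worker spends reading a
request's header block, the control that the slow-HTTP attack in CVE-2019-17657
exploits when it is missing. The request bytes, deadline values and socketpair
drip-feed are constructed for the demonstration."""
import socket
import threading
import time

MAX_HEADER_BYTES = 8192


class SlowRequest(Exception):
    """Raised when the header block does not complete within the deadline."""


def read_request_head(conn: socket.socket, deadline: float,
                      max_bytes: int = MAX_HEADER_BYTES) -> bytes:
    """Read up to the blank line that ends the HTTP header block under one
    wall-clock deadline for the whole block.

    A per-recv idle timeout is exactly what slow-header attacks defeat: the
    client sends one byte just before each timeout would fire, so the worker is
    never idle long enough to be reclaimed. A deadline on the whole block bounds
    the worker's time no matter how the bytes are paced.
    """
    end_at = time.monotonic() + deadline
    buf = b""
    while b"\r\n\r\n" not in buf:
        remaining = end_at - time.monotonic()
        if remaining <= 0:
            raise SlowRequest(f"header block incomplete after {deadline}s ({len(buf)} bytes)")
        conn.settimeout(remaining)
        try:
            chunk = conn.recv(1024)
        except socket.timeout:
            raise SlowRequest(f"header block incomplete after {deadline}s ({len(buf)} bytes)") from None
        if not chunk:
            raise ConnectionError("peer closed before completing the headers")
        buf += chunk
        if len(buf) > max_bytes:
            raise SlowRequest("header block exceeds %d bytes" % max_bytes)
    return buf.split(b"\r\n\r\n", 1)[0]


# Constructed request, delivered one byte at a time by simulate().
REQUEST = (b"GET /login HTTP/1.1\r\n"
           b"Host: fmg.example\r\n"
           b"X-a: 1\r\n"
           b"X-b: 2\r\n"
           b"\r\n")


def simulate(pace: float, deadline: float) -> str:
    """Drip REQUEST through a socketpair with `pace` seconds between bytes and
    report the server side's outcome: "ok" (headers read) or "slow" (cut off)."""
    server, client = socket.socketpair()

    def dripper():
        try:
            for i in range(len(REQUEST)):
                client.sendall(REQUEST[i:i + 1])
                time.sleep(pace)
        except OSError:
            pass  # the server gave up and closed on us: expected in the slow case
        finally:
            client.close()

    t = threading.Thread(target=dripper, daemon=True)
    t.start()
    try:
        head = read_request_head(server, deadline)
        return "ok" if head.startswith(b"GET /login") else "bad"
    except SlowRequest:
        return "slow"
    finally:
        server.close()
        t.join(timeout=1.0)


if __name__ == "__main__":
    print("normal client   :", simulate(pace=0.001, deadline=1.0))
    print("slowloris client:", simulate(pace=0.05, deadline=0.3))
```

The same idea exists as a configuration knob in mainstream servers (nginx `client_header_timeout`, Apache mod_reqtimeout `RequestReadTimeout`); the point of the code is that the deadline must cover the whole header block, and that a size cap belongs next to it so a client cannot substitute a slow, endless header for a slow, short one.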
2020-03-15  CVE-2019-17654  Insufficient Verification of Data Authenticity vulnerability in Fortinet FortiManager
An insufficient verification of data authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a cross-site WebSocket hijacking (CSWSH) attack. In CSWSH the attacker needs no credentials of their own: a page on an attacker-controlled origin opens a WebSocket to the appliance from a logged-in administrator's browser, the browser attaches the administrator's session cookie to the upgrade request, and a server that does not verify the handshake's Origin hands the attacker's page a socket with the administrator's privileges.
Risk: network; fortinet CWE-345; 6.8
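Added example (Python, not Fortinet's code) of the server-side check whose absence enables the hijack described above: validating the Origin header of the WebSocket upgrade against the appliance's own origin before honouring the session cookie. Hostnames, session identifiers and the request text are constructed; the Sec-WebSocket-Key / Sec-WebSocket-Accept pair is the RFC 6455 sample.

```python
"""Added example (not Fortinet code): the Origin check on a WebSocket upgrade whose
absence is what makes a cross-site WebSocket hijack (CWE-345, CVE-2019-17654)
possible. Hostnames, session identifiers and the request text are constructed;
the Sec-WebSocket-Key / Sec-WebSocket-Accept pair is the RFC 6455 sample."""
import base64
import hashlib
from urllib.parse import urlsplit

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed by RFC 6455

# Origins of the pages allowed to open a socket (constructed; a real server derives
# this from its own configured hostname).
ALLOWED_ORIGINS = {"https://fortimanager.example.internal"}
# Constructed session store: Cookie header value -> user.
SESSIONS = {"sid=0123abcd": "admin"}


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into (request line, {lowercased header: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def normalize_origin(origin: str):
    """Canonical scheme://host:port so 'HTTPS://Host' matches 'https://host:443';
    None for anything unparsable, including an absent header and the 'null' origin."""
    try:
        parts = urlsplit(origin)
        port = parts.port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    port = port or (443 if parts.scheme == "https" else 80)
    return f"{parts.scheme}://{parts.hostname}:{port}"


def accept_key(client_key: str) -> str:
    """Sec-WebSocket-Accept = base64(SHA-1(key + GUID)), RFC 6455 section 4.2.2."""
    return base64.b64encode(hashlib.sha1((client_key + WS_GUID).encode()).digest()).decode()


def handshake(raw: str, allowed=ALLOWED_ORIGINS):
    """Decide the upgrade. Returns (101, Sec-WebSocket-Accept value) on success,
    otherwise (HTTP status, reason)."""
    request_line, h = parse_request(raw)
    if not request_line.startswith("GET ") or h.get("upgrade", "").lower() != "websocket":
        return 400, "not a WebSocket upgrade"
    if "sec-websocket-key" not in h:
        return 400, "missing Sec-WebSocket-Key"
    if h.get("cookie", "") not in SESSIONS:
        return 401, "no valid session"
    # The CSWSH check. A browser always sends Origin on a WebSocket upgrade, so a
    # cookie-bearing handshake with no Origin, a 'null' Origin, or a foreign one is
    # not something the appliance's own UI would produce.
    origin = normalize_origin(h.get("origin", ""))
    if origin is None:
        return 403, "missing or malformed Origin"
    if origin not in {normalize_origin(a) for a in allowed}:
        return 403, "cross-origin handshake from " + h["origin"]
    return 101, accept_key(h["sec-websocket-key"])


# Constructed handshakes. LEGIT is what the appliance's own page sends. HIJACK is
# byte-for-byte the same, cookie included (the browser attaches it automatically),
# except that the page that opened the socket lives on the attacker's site.
LEGIT = (
    "GET /ws HTTP/1.1\r\n"
    "Host: fortimanager.example.internal\r\n"
    "Upgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    "Origin: https://fortimanager.example.internal\r\n"
    "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    "Sec-WebSocket-Version: 13\r\n"
    "Cookie: sid=0123abcd\r\n"
    "\r\n"
)
HIJACK = LEGIT.replace("Origin: https://fortimanager.example.internal",
                       "Origin: https://attacker.example")
NO_ORIGIN = LEGIT.replace("Origin: https://fortimanager.example.internal\r\n", "")

if __name__ == "__main__":
    for name, req in (("legit", LEGIT), ("hijack", HIJACK), ("no origin", NO_ORIGIN)):
        print(f"{name:10}: {handshake(req)}")
```

Origin is set by the browser and cannot be changed by page script, which is why the check defeats the browser-borne attack in the advisory; a non-browser client can send any Origin it likes, but it also has no victim's cookie to ride on. The stronger form, if the socket carries privileged operations, is to additionally require a per-session token in the upgrade URL that only the appliance's own page knows.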
2020-02-04  CVE-2015-3613  Improper Privilege Management vulnerability in Fortinet FortiManager
An improper privilege management vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page.
Risk: network; low complexity; fortinet CWE-269; 7.5
2020-02-04  CVE-2015-3612  Cross-site Scripting vulnerability in Fortinet FortiManager
A cross-site scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.
Risk: network; fortinet CWE-79; 3.5
2020-02-04  CVE-2015-3611  OS Command Injection vulnerability in Fortinet FortiManager
A command injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run system commands when executing a report.
Risk: network; low complexity; fortinet CWE-78; critical 9.0