Vulnerabilities > Fortinet > Fortimanager > 6.2.3

DATE CVE VULNERABILITY TITLE RISK
2021-08-05 CVE-2021-32603 Server-Side Request Forgery (SSRF) vulnerability in Fortinet Fortianalyzer and Fortimanager
A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests.
network
low complexity
fortinet CWE-918
6.5
6.5
2021-07-20 CVE-2021-24022 Classic Buffer Overflow vulnerability in Fortinet Fortianalyzer and Fortimanager
A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.
local
low complexity
fortinet CWE-120
4.4
4.4
2020-09-24 CVE-2020-12811 Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field.
network
low complexity
fortinet CWE-79
6.1
6.1