Vulnerabilities > Fortinet > Fortimanager > 7.0.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-09 | CVE-2023-47542 | Code Injection vulnerability in Fortinet Fortimanager A improper neutralization of special elements used in a template engine [CWE-1336] in FortiManager versions 7.4.1 and below, versions 7.2.4 and below, and 7.0.10 and below allows attacker to execute unauthorized code or commands via specially crafted templates. | 6.7 |
| 2024-03-12 | CVE-2023-36554 | Unspecified vulnerability in Fortinet Fortimanager A improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially crafted HTTP requests. | 9.8 |
| 2024-02-15 | CVE-2023-44253 | Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests. | 5.0 |
| 2023-11-14 | CVE-2023-40719 | Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials. | 5.5 |