Vulnerabilities > Fortinet > Fortimanager

DATE CVE VULNERABILITY TITLE RISK
2021-08-05 CVE-2021-32603 Server-Side Request Forgery (SSRF) vulnerability in Fortinet Fortianalyzer and Fortimanager
A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests.
network
low complexity
fortinet CWE-918
6.5
2021-07-20 CVE-2021-24022 Classic Buffer Overflow vulnerability in Fortinet Fortianalyzer and Fortimanager
A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.
local
low complexity
fortinet CWE-120
4.4
2020-09-24 CVE-2020-12811 Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field.
network
low complexity
fortinet CWE-79
6.1
2020-06-16 CVE-2020-9289 Use of Hard-coded Credentials vulnerability in Fortinet Fortimanager
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.
network
low complexity
fortinet CWE-798
7.5
2020-04-07 CVE-2019-17657 Resource Exhaustion vulnerability in Fortinet products
An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.
network
low complexity
fortinet CWE-400
7.5
2020-03-15 CVE-2019-17654 Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortimanager
An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.
network
low complexity
fortinet CWE-345
8.8
2020-02-04 CVE-2015-3613 Improper Privilege Management vulnerability in Fortinet Fortimanager
A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page
network
low complexity
fortinet CWE-269
critical
9.8
2020-02-04 CVE-2015-3612 Cross-site Scripting vulnerability in Fortinet Fortimanager
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.
network
low complexity
fortinet CWE-79
5.4
2020-02-04 CVE-2015-3611 OS Command Injection vulnerability in Fortinet Fortimanager
A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report.
network
low complexity
fortinet CWE-78
8.8
2019-08-23 CVE-2019-6695 Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortimanager 6.2.0
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods.
network
low complexity
fortinet CWE-345
critical
9.8