Vulnerabilities > Fortinet > Fortimanager > Low

DATE CVE VULNERABILITY TITLE RISK
2022-11-25 CVE-2022-38377 Unspecified vulnerability in Fortinet Fortianalyzer and Fortimanager
An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information.
network
low complexity
fortinet
2.7
2022-03-02 CVE-2022-22303 Information Exposure vulnerability in Fortinet Fortimanager
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file.
local
low complexity
fortinet CWE-200
2.1
2021-11-03 CVE-2021-36192 Information Exposure vulnerability in Fortinet Fortimanager
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS.
local
low complexity
fortinet CWE-200
2.1
2021-10-06 CVE-2021-36170 Insufficiently Protected Credentials vulnerability in Fortinet Fortianalyzer
An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.
local
low complexity
fortinet CWE-522
2.1
2021-08-06 CVE-2021-32597 Cross-site Scripting vulnerability in Fortinet Fortianalyzer
Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters.
network
fortinet CWE-79
3.5
2021-07-20 CVE-2021-24022 Classic Buffer Overflow vulnerability in Fortinet Fortianalyzer and Fortimanager
A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.
local
low complexity
fortinet CWE-120
2.1
2020-02-04 CVE-2015-3612 Cross-site Scripting vulnerability in Fortinet Fortimanager
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.
network
fortinet CWE-79
3.5
2018-06-28 CVE-2018-1351 Cross-site Scripting vulnerability in Fortinet Fortimanager
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log.
network
fortinet CWE-79
3.5
2016-10-07 CVE-2015-7363 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
network
fortinet CWE-79
3.5