Vulnerabilities > Fortinet > Fortimanager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-05 | CVE-2021-32598 | HTTP Request Smuggling vulnerability in Fortinet Fortianalyzer and Fortimanager An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. | 4.0 |
| 2021-08-05 | CVE-2021-32603 | Server-Side Request Forgery (SSRF) vulnerability in Fortinet Fortianalyzer and Fortimanager A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests. | 4.0 |
| 2020-09-24 | CVE-2020-12811 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field. | 4.3 |
| 2020-04-07 | CVE-2019-17657 | Resource Exhaustion vulnerability in Fortinet products An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. | 5.0 |
| 2020-03-15 | CVE-2019-17654 | Insufficient Verification of Data Authenticity vulnerability in Fortinet Fortimanager An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. | 6.8 |
| 2019-05-28 | CVE-2018-13375 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. | 4.3 |
| 2019-04-25 | CVE-2018-1360 | Cleartext Transmission of Sensitive Information vulnerability in Fortinet Fortimanager A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses. | 4.3 |
| 2018-09-05 | CVE-2018-1353 | Information Exposure vulnerability in Fortinet Fortimanager An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom. | 4.0 |
| 2018-06-27 | CVE-2018-1355 | Open Redirect vulnerability in Fortinet Fortianalyzer and Fortimanager An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. | 5.8 |
| 2018-06-27 | CVE-2018-1354 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Fortianalyzer and Fortimanager An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. | 4.0 |