Fortinet

Fortianalyzer

78 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2023-41838

  • EPSS 0.23%
  • Veröffentlicht 10.10.2023 17:15:12
  • Zuletzt bearbeitet 21.11.2024 08:21:46

An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.

7.8

CVE-2023-25607

  • EPSS 0.15%
  • Veröffentlicht 10.10.2023 17:15:11
  • Zuletzt bearbeitet 21.11.2024 07:49:49

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7....

4.3

CVE-2023-36638

  • EPSS 0.13%
  • Veröffentlicht 13.09.2023 13:15:09
  • Zuletzt bearbeitet 21.11.2024 08:10:08

An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4....

4.2

CVE-2022-22305

  • EPSS 0.07%
  • Veröffentlicht 01.09.2023 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:46:36

An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and...

6.7

CVE-2021-43072

  • EPSS 0.05%
  • Veröffentlicht 18.07.2023 03:15:54
  • Zuletzt bearbeitet 21.11.2024 06:28:38

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0...

6.5

CVE-2023-25606

  • EPSS 0.21%
  • Veröffentlicht 11.07.2023 17:15:12
  • Zuletzt bearbeitet 21.11.2024 07:49:49

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4  all versions may allow a remote and authent...

6.5

CVE-2023-25609

  • EPSS 0.16%
  • Veröffentlicht 13.06.2023 09:15:16
  • Zuletzt bearbeitet 21.11.2024 07:49:49

A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services ...

8.1

CVE-2023-22642

  • EPSS 0.09%
  • Veröffentlicht 11.04.2023 17:15:08
  • Zuletzt bearbeitet 21.11.2024 07:45:06

An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the c...

5.5

CVE-2022-42477

  • EPSS 0.05%
  • Veröffentlicht 11.04.2023 17:15:07
  • Zuletzt bearbeitet 21.11.2024 07:25:03

An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries.

7.3

CVE-2023-25611

  • EPSS 0.1%
  • Veröffentlicht 07.03.2023 17:15:12
  • Zuletzt bearbeitet 21.11.2024 07:49:49

A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in m...