Fortinet

Fortianalyzer

78 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2023-41838

  • EPSS 0.23%
  • Published 10.10.2023 17:15:12
  • Last modified 21.11.2024 08:21:46

An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.

7.8

CVE-2023-25607

  • EPSS 0.15%
  • Published 10.10.2023 17:15:11
  • Last modified 21.11.2024 07:49:49

An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7....

4.3

CVE-2023-36638

  • EPSS 0.13%
  • Published 13.09.2023 13:15:09
  • Last modified 21.11.2024 08:10:08

An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4....

4.2

CVE-2022-22305

  • EPSS 0.07%
  • Published 01.09.2023 12:15:08
  • Last modified 21.11.2024 06:46:36

An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and...

6.7

CVE-2021-43072

  • EPSS 0.05%
  • Published 18.07.2023 03:15:54
  • Last modified 21.11.2024 06:28:38

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0...

6.5

CVE-2023-25606

  • EPSS 0.21%
  • Published 11.07.2023 17:15:12
  • Last modified 21.11.2024 07:49:49

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4  all versions may allow a remote and authent...

6.5

CVE-2023-25609

  • EPSS 0.16%
  • Published 13.06.2023 09:15:16
  • Last modified 21.11.2024 07:49:49

A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services ...

8.1

CVE-2023-22642

  • EPSS 0.09%
  • Published 11.04.2023 17:15:08
  • Last modified 21.11.2024 07:45:06

An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the c...

5.5

CVE-2022-42477

  • EPSS 0.05%
  • Published 11.04.2023 17:15:07
  • Last modified 21.11.2024 07:25:03

An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries.

7.3

CVE-2023-25611

  • EPSS 0.1%
  • Published 07.03.2023 17:15:12
  • Last modified 21.11.2024 07:49:49

A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in m...