Fortinet

Fortianalyzer

89 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2020-12815

  • EPSS 0.18%
  • Veröffentlicht 24.09.2020 18:15:16
  • Zuletzt bearbeitet 21.11.2024 05:00:19

An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields.

6.1

CVE-2020-12811

  • EPSS 0.32%
  • Veröffentlicht 24.09.2020 18:15:16
  • Zuletzt bearbeitet 21.11.2024 05:00:19

An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provide...

8.8

CVE-2020-12817

  • EPSS 0.44%
  • Veröffentlicht 24.09.2020 15:15:13
  • Zuletzt bearbeitet 21.11.2024 05:00:20

An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.

7.5

CVE-2020-9289

  • EPSS 1.02%
  • Veröffentlicht 16.06.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 05:40:21

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensit...

5.4

CVE-2020-6640

  • EPSS 0.2%
  • Veröffentlicht 04.06.2020 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:36:04

An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area.

7.5

CVE-2019-17657

  • EPSS 0.78%
  • Veröffentlicht 07.04.2020 18:15:13
  • Zuletzt bearbeitet 21.11.2024 04:32:43

An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (D...

6.1

CVE-2018-13375

  • EPSS 0.3%
  • Veröffentlicht 28.05.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 03:46:58

An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script cod...

6.1

CVE-2018-1355

  • EPSS 0.23%
  • Veröffentlicht 27.06.2018 20:29:04
  • Zuletzt bearbeitet 21.11.2024 03:59:41

An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature....

6.5

CVE-2018-1354

  • EPSS 0.2%
  • Veröffentlicht 27.06.2018 20:29:03
  • Zuletzt bearbeitet 21.11.2024 03:59:40

An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.