Fortinet

Fortimanager

98 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2021-32587

  • EPSS 0.2%
  • Published 06.08.2021 11:15:07
  • Last modified 21.11.2024 06:07:19

An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retriev...

6.5

CVE-2021-32603

  • EPSS 0.22%
  • Published 05.08.2021 11:15:07
  • Last modified 21.11.2024 06:07:21

A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files ...

4.3

CVE-2021-32598

  • EPSS 0.14%
  • Published 05.08.2021 11:15:07
  • Last modified 21.11.2024 06:07:21

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and re...

4.4

CVE-2021-24022

  • EPSS 0.05%
  • Published 20.07.2021 11:15:11
  • Last modified 21.11.2024 05:52:13

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the ...

6.1

CVE-2020-12811

  • EPSS 0.32%
  • Published 24.09.2020 18:15:16
  • Last modified 21.11.2024 05:00:19

An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provide...

7.5

CVE-2020-9289

  • EPSS 0.86%
  • Published 16.06.2020 21:15:11
  • Last modified 21.11.2024 05:40:21

Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensit...

7.5

CVE-2019-17657

  • EPSS 0.39%
  • Published 07.04.2020 18:15:13
  • Last modified 21.11.2024 04:32:43

An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (D...

8.8

CVE-2019-17654

  • EPSS 0.22%
  • Published 15.03.2020 23:15:11
  • Last modified 21.11.2024 04:32:42

An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.

9.8

CVE-2015-3613

  • EPSS 2.28%
  • Published 04.02.2020 20:15:11
  • Last modified 21.11.2024 02:29:28

A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page

5.4

CVE-2015-3612

  • EPSS 0.28%
  • Published 04.02.2020 20:15:11
  • Last modified 21.11.2024 02:29:28

A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.