Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortianalyzer vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-42782
A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated malicious user to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number.
Fortinet Fortianalyzer
Fortinet Fortianalyzer 7.4.0
5.4
CVSSv3
CVE-2020-12814
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows malicious user to execute unauthorized code or commands via specifically crafted requests to the web GUI.
Fortinet Fortianalyzer
Fortinet Fortianalyzer 6.4.4
5.5
CVSSv3
CVE-2022-42477
An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated malicious user to disclose file system information via custom dataset SQL queries.
Fortinet Fortianalyzer 7.2.0
Fortinet Fortianalyzer
4.2
CVSSv3
CVE-2022-22305
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated malicious use...
Fortinet Fortisandbox 4.0.0
Fortinet Fortianalyzer
Fortinet Fortisandbox
Fortinet Fortisandbox 4.0.1
Fortinet Fortisandbox 4.0.2
Fortinet Fortios
Fortinet Fortisandbox 3.0.1
Fortinet Fortianalyzer 7.0.0
Fortinet Fortianalyzer 7.0.1
Fortinet Fortianalyzer 7.0.2
Fortinet Fortimanager 7.0.0
Fortinet Fortimanager 7.0.1
Fortinet Fortimanager
7.1
CVSSv3
CVE-2023-41838
An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 up to and including 7.2.3 may allow malicious user to execute unauthorized code or commands via FortiManager cli.
Fortinet Fortimanager
Fortinet Fortianalyzer 7.4.0
Fortinet Fortianalyzer
Fortinet Fortimanager 7.4.0
6.5
CVSSv3
CVE-2023-42787
A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and prior to 7.2.3 and FortiAnalyzer version 7.4.0 and prior to 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client sid...
Fortinet Fortianalyzer
Fortinet Fortimanager
Fortinet Fortianalyzer 7.4.0
Fortinet Fortimanager 7.4.0
6.7
CVSSv3
CVE-2023-42788
An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 up to and including 7.2.3, version 7.0.0 up to and including 7.0.8, version 6.4.0 up to ...
Fortinet Fortimanager
Fortinet Fortianalyzer 7.4.0
Fortinet Fortianalyzer
Fortinet Fortimanager 7.4.0
5.5
CVSSv3
CVE-2023-40719
A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an malicious user to access Fortinet private testing data via the use of static credentials.
Fortinet Fortianalyzer 7.4.0
Fortinet Fortianalyzer
Fortinet Fortimanager 7.4.0
Fortinet Fortimanager
2.7
CVSSv3
CVE-2022-38377
An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 up to and including 7.0.3, 6.4.0 up to and including 6.4.7, 6.2.0 up to and including 6.2.9, 6.0.0 up to and including 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 up to and including 7.0.3, 6.4.0 up to and ...
Fortinet Fortimanager
Fortinet Fortianalyzer
Fortinet Fortimanager 7.2.0
Fortinet Fortianalyzer 7.2.0
6.5
CVSSv3
CVE-2023-44249
An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and prior to 7.2.3 and FortiAnalyzer version 7.4.0 and prior to 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP req...
Fortinet Fortianalyzer
Fortinet Fortimanager
Fortinet Fortianalyzer 7.4.0
Fortinet Fortimanager 7.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »