Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortimanager vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2021-26107
An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager.
Fortinet Fortimanager 6.4.4
Fortinet Fortimanager 6.4.5
2.1
CVSSv2
CVE-2021-36170
An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated malicious user to read the FortiCloud credentials which were used to activate the trial license in cleartext.
Fortinet Fortianalyzer
Fortinet Fortimanager
9.3
CVSSv2
CVE-2021-24016
An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows malicious user to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim ...
Fortinet Fortimanager
4
CVSSv2
CVE-2021-24017
An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows malicious user to assign arbitrary Policy and Object modules via crafted requests to the request handler.
Fortinet Fortimanager
6.5
CVSSv2
CVE-2021-24006
An improper access control vulnerability in FortiManager versions 6.4.0 to 6.4.3 may allow an authenticated attacker with a restricted user profile to access the SD-WAN Orchestrator panel via directly visiting its URL.
Fortinet Fortimanager
4
CVSSv2
CVE-2021-32587
An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative u...
Fortinet Fortianalyzer
Fortinet Fortimanager
3.5
CVSSv2
CVE-2021-32597
Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated malicious user to perform a Stored Cross Site Scripting attack (XSS) b...
Fortinet Fortianalyzer
Fortinet Fortimanager
4
CVSSv2
CVE-2021-32598
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote malicious user ...
Fortinet Fortianalyzer
Fortinet Fortimanager
4
CVSSv2
CVE-2021-32603
A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated malicious user to access unauthorized files and services on the syst...
Fortinet Fortianalyzer
Fortinet Fortimanager
2.1
CVSSv2
CVE-2021-24022
A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local malicious user to perform a Denial of Service attack by running the `diagnose system geoip-c...
Fortinet Fortianalyzer
Fortinet Fortimanager
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »