fortinet fortimanager vulnerabilities and exploits
NA
CVE-2021-32589
Fortinet FortiManager and Fortinet FortiAnalyzer use after free vulnerability in fgfmsd daemon. A Use After Free (CWE-416) vulnerability in FortiManager and FortiAnalyzer fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending...
6.1
CVSSv3
CVE-2020-12811
An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3 and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow a malicious user to execute a cross-site scripting (XSS) attack via the Identify Provider name field.
Fortinet Fortianalyzer
Fortinet Fortimanager
7.5
CVSSv3
CVE-2020-9289
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the...
Fortinet Fortimanager
Fortinet Fortianalyzer
1 Github repository
7.5
CVSSv3
CVE-2019-17657
An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow a malicious user to cause admin webUI denial of service (DoS) via handling special...
Fortinet Fortianalyzer
Fortinet Fortiap-s
Fortinet Fortiap-w2
Fortinet Fortimanager
Fortinet Fortiswitch
8.8
CVSSv3
CVE-2019-17654
An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated malicious user to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.
Fortinet Fortimanager
Fortinet Fortimanager 6.2.0
Fortinet Fortimanager 6.2.1
8.8
CVSSv3
CVE-2015-3611
A Command Injection vulnerability exists in FortiManager 5.2.1 and previous versions and FortiManager 5.0.10 and previous versions via unspecified vectors, which could let a malicious user run system commands when executing a report.
Fortinet Fortimanager
5.4
CVSSv3
CVE-2015-3612
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and previous versions and 5.0.10 and previous versions via an unspecified parameter in the FortiWeb auto update service page.
Fortinet Fortimanager
9.8
CVSSv3
CVE-2015-3613
A vulnerability exists in FortiManager 5.2.1 and previous versions and 5.0.10 and previous versions in the WebUI FTP backup page.
Fortinet Fortimanager
9.8
CVSSv3
CVE-2019-6695
Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow a malicious user to implant third-party programs by recreating the image through specific methods.
Fortinet Fortimanager 6.2.0
Fortinet Fortimanager
6.1
CVSSv3
CVE-2018-13375
An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows a malicious user to send a DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while view...
Fortinet Fortianalyzer
Fortinet Fortimanager