Lucene search

K

Fortimanager Security Vulnerabilities

cve
cve

CVE-2019-6695

Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific...

9.8CVSS

9.4AI Score

0.002EPSS

2019-08-23 09:15 PM
100
cve
cve

CVE-2018-13375

An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in...

6.1CVSS

6.2AI Score

0.001EPSS

2019-05-28 07:29 PM
72
cve
cve

CVE-2018-1360

A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON...

8.1CVSS

7.9AI Score

0.002EPSS

2019-04-25 06:29 PM
25
cve
cve

CVE-2018-1353

An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned...

4.3CVSS

4.2AI Score

0.001EPSS

2018-09-05 01:29 PM
20
cve
cve

CVE-2017-17541

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates...

6.1CVSS

6AI Score

0.001EPSS

2018-07-16 08:29 PM
24
cve
cve

CVE-2018-1351

A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation...

4.8CVSS

5.1AI Score

0.001EPSS

2018-06-28 03:29 PM
25
cve
cve

CVE-2018-1355

An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an...

6.1CVSS

6AI Score

0.002EPSS

2018-06-27 08:29 PM
19
cve
cve

CVE-2018-1354

An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary...

6.5CVSS

6.5AI Score

0.002EPSS

2018-06-27 08:29 PM
27
cve
cve

CVE-2015-3617

Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI...

7.8CVSS

7.6AI Score

0.0004EPSS

2017-08-22 03:29 PM
27
cve
cve

CVE-2015-3616

SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified...

9.8CVSS

9.9AI Score

0.001EPSS

2017-08-11 09:29 PM
15
2
cve
cve

CVE-2015-3614

Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified...

7.5CVSS

7.4AI Score

0.002EPSS

2017-08-11 09:29 PM
17
cve
cve

CVE-2015-3615

Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation...

5.4CVSS

5.3AI Score

0.001EPSS

2017-08-11 09:29 PM
17
cve
cve

CVE-2017-3126

An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next...

6.1CVSS

6.5AI Score

0.002EPSS

2017-05-27 12:29 AM
27
cve
cve

CVE-2016-8495

An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing...

7.4CVSS

7.2AI Score

0.001EPSS

2017-02-13 03:59 PM
22
4
cve
cve

CVE-2015-7363

Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or...

5.4CVSS

5.2AI Score

0.001EPSS

2016-10-07 02:59 PM
16
3
cve
cve

CVE-2016-3195

Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified...

6.1CVSS

5.9AI Score

0.002EPSS

2016-08-19 09:59 PM
21
4
cve
cve

CVE-2016-3194

Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified...

6.1CVSS

6AI Score

0.002EPSS

2016-08-19 09:59 PM
16
4
cve
cve

CVE-2016-3193

Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web....

5.4CVSS

5.2AI Score

0.001EPSS

2016-08-19 09:59 PM
17
4
cve
cve

CVE-2016-3196

Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report...

5.4CVSS

5.1AI Score

0.001EPSS

2016-08-05 02:59 PM
22
cve
cve

CVE-2015-3620

Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.9AI Score

0.003EPSS

2015-05-12 07:59 PM
23
cve
cve

CVE-2014-2336

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and...

5.7AI Score

0.002EPSS

2014-10-31 02:55 PM
18
cve
cve

CVE-2005-4570

The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of.....

6.6AI Score

0.013EPSS

2005-12-29 11:03 AM
17
Total number of security vulnerabilities72