Fortianalyzer@7.4.0 Security Vulnerabilities and Issues — Fortianalyzer@7.4.0 CVE List

Lucene search

FortinetFortianalyzer7.4.0

9 matches found

CVE•added 2023/11/14 7:15 p.m.•78 views

CVE-2023-40719

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials.

5.5CVSS5.5AI score0.00045EPSS

CVE•added 2023/10/20 10:15 a.m.•58 views

CVE-2023-44256

A server-side request forgery vulnerability [CWE-918] in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal ...

6.5CVSS6.4AI score0.0072EPSS

CVE•added 2024/09/10 3:15 p.m.•51 views

CVE-2023-44254

An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request.

6.5CVSS6.8AI score0.00198EPSS

CVE•added 2023/10/10 5:15 p.m.•47 views

CVE-2023-42787

A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution.

6.5CVSS6.7AI score0.0075EPSS

CVE•added 2023/10/10 5:15 p.m.•45 views

CVE-2023-42788

An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a loc...

7.8CVSS6.7AI score0.00314EPSS

CVE•added 2023/10/10 5:15 p.m.•40 views

CVE-2023-44249

An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.

6.5CVSS6.3AI score0.00195EPSS

CVE•added 2024/02/15 2:15 p.m.•34 views

CVE-2023-44253

An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate ot...

5CVSS4.9AI score0.0033EPSS

CVE•added 2023/10/10 5:15 p.m.•32 views

CVE-2023-41838

An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli.

7.1CVSS7.2AI score0.00231EPSS

CVE•added 2023/10/10 5:15 p.m.•27 views

CVE-2023-42782

A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number.

5.3CVSS5.3AI score0.00321EPSS