Fortianalyzer Security Vulnerabilities and Issues — Fortianalyzer CVE List

Lucene search

FortinetFortianalyzer

8 matches found

CVE•added 2022/03/01 7:15 p.m.•118 views

CVE-2022-22300

A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiMa...

8.8CVSS8.7AI score0.00253EPSS

CVE•added 2022/11/02 12:15 p.m.•74 views

CVE-2022-39950

An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via...

8CVSS5.6AI score0.00693EPSS

CVE•added 2024/11/12 7:15 p.m.•53 views

CVE-2024-23666

A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigDataat least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6....

8.8CVSS7AI score0.0668EPSS

CVE•added 2023/04/11 5:15 p.m.•41 views

CVE-2023-22642

An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the r...

8.1CVSS8AI score0.00092EPSS

CVE•added 2020/09/24 3:15 p.m.•39 views

CVE-2020-12817

An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.

8.8CVSS8.2AI score0.0025EPSS

CVE•added 2021/08/05 11:15 a.m.•38 views

CVE-2021-32603

A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically craft...

8.8CVSS6.3AI score0.0022EPSS

CVE•added 2025/01/14 2:15 p.m.•36 views

CVE-2024-35273

A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests.

8.8CVSS7.2AI score0.00062EPSS

CVE•added 2025/01/14 2:15 p.m.•36 views

CVE-2024-35275

A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests.

8.8CVSS6.8AI score0.00067EPSS