Fortianalyzer Security Vulnerabilities and Issues — Fortianalyzer CVE List

Lucene search

FortinetFortianalyzer

9 matches found

CVE•added 2021/12/08 11:15 a.m.•62 views

CVE-2021-42757

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

6.7CVSS6.9AI score0.00082EPSS

CVE•added 2021/08/05 11:15 a.m.•53 views

CVE-2021-32598

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splittin...

4.3CVSS4.6AI score0.00138EPSS

CVE•added 2021/10/06 10:15 a.m.•43 views

CVE-2021-24021

An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the ...

5.4CVSS4.9AI score0.00187EPSS

CVE•added 2021/08/06 11:15 a.m.•43 views

CVE-2021-32587

An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs...

4.3CVSS4.5AI score0.00204EPSS

CVE•added 2021/07/20 11:15 a.m.•39 views

CVE-2021-24022

A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the diagnose system geoip-city command with a large i...

6.7CVSS4.9AI score0.0005EPSS

CVE•added 2021/08/06 11:15 a.m.•39 views

CVE-2021-32597

Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious pay...

5.4CVSS5AI score0.0017EPSS

CVE•added 2021/08/05 11:15 a.m.•38 views

CVE-2021-32603

A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically craft...

8.8CVSS6.3AI score0.0022EPSS

CVE•added 2021/10/06 10:15 a.m.•38 views

CVE-2021-36170

An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.

3.2CVSS3.7AI score0.0005EPSS

CVE•added 2021/11/02 6:15 p.m.•27 views

CVE-2020-12814

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI.

5.4CVSS5.8AI score0.00502EPSS