Lucene search

5 matches found

CVE
added 2020/04/07 6:15 p.m. | 62 views

CVE-2019-17657

An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling specially crafted HTTP requests/re...

CVSS 7.5 | AI score 7.3 | EPSS 0.00387

CVE
added 2021/09/30 4:15 p.m. | 48 views

CVE-2021-24016

An improper neutralization of formula elements in a CSV file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows an attacker to execute arbitrary commands via a crafted IPv4 field in policy name, when exported as an Excel file and opened unsafely on the victim host.

CVSS 9.3 | AI score 6.7 | EPSS 0.00143

CVE
added 2021/08/06 11:15 a.m. | 40 views

CVE-2021-32597

Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious pay...

CVSS 5.4 | AI score 5 | EPSS 0.0017

CVE
added 2021/09/30 4:15 p.m. | 39 views

CVE-2021-24017

An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows an attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler.

CVSS 5.4 | AI score 4.8 | EPSS 0.00154

CVE
added 2021/10/06 10:15 a.m. | 39 views

CVE-2021-36170

An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.

CVSS 3.2 | AI score 3.7 | EPSS 0.0011