CVSS: 2.3EPSS: 0%CPEs: 10EXPL: 0CVE-2024-35274
https://notcve.org/view.php?id=CVE-2024-35274
An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-179 • CWE-23: Relative Path Traversal •
CVSS: 6.7EPSS: 0%CPEs: 10EXPL: 0CVE-2024-32118
https://notcve.org/view.php?id=CVE-2024-32118
Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-116 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.1EPSS: 0%CPEs: 10EXPL: 0CVE-2024-32116
https://notcve.org/view.php?id=CVE-2024-32116
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-099 • CWE-23: Relative Path Traversal •
CVSS: 4.1EPSS: 0%CPEs: 10EXPL: 0CVE-2023-44255
https://notcve.org/view.php?id=CVE-2023-44255
An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-267 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47543
https://notcve.org/view.php?id=CVE-2023-47543
An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-448 • CWE-639: Authorization Bypass Through User-Controlled Key •