CVSS: 4.1EPSS: 0%CPEs: 10EXPL: 0CVE-2023-44255
https://notcve.org/view.php?id=CVE-2023-44255
12 Nov 2024 — An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-267 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2024-32117
https://notcve.org/view.php?id=CVE-2024-32117
12 Nov 2024 — An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-115 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-23666
https://notcve.org/view.php?id=CVE-2024-23666
12 Nov 2024 — A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-23-396 • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45330
https://notcve.org/view.php?id=CVE-2024-45330
08 Oct 2024 — A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows attacker to escalate its privileges via specially crafted requests. • https://fortiguard.fortinet.com/psirt/FG-IR-24-196 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-44254
https://notcve.org/view.php?id=CVE-2023-44254
10 Sep 2024 — An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request. Una vulnerabilidad de omisión de autorización a través de una clave controlada por el usuario [CWE-639] en FortiAnalyzer versión 7.4.1 y anteriores a 7.2.5 y FortiManager versión 7.4.1 y anteriores a 7.2.5 puede permitir que un atacante remo... • https://fortiguard.com/psirt/FG-IR-23-204 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-21757
https://notcve.org/view.php?id=CVE-2024-21757
13 Aug 2024 — A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, allows an attacker to modify admin passwords via the device configuration backup. • https://fortiguard.fortinet.com/psirt/FG-IR-23-467 • CWE-620: Unverified Password Change •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2023-41842
https://notcve.org/view.php?id=CVE-2023-41842
12 Mar 2024 — A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments. Un uso de... • https://fortiguard.com/psirt/FG-IR-23-304 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2023-42791
https://notcve.org/view.php?id=CVE-2023-42791
20 Feb 2024 — A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests. Un path traversal relativo en Fortinet FortiManager versión 7.4.0 y 7.2.0 a 7.2.3 y 7.0.0 a 7.0.8 y 6.4.0 a 6.4.12 y 6.2.0 a 6.2.11 permite al atacante ejecutar código no autorizado o comandos a través de solicitudes HTTP manipuladas. • https://fortiguard.com/psirt/FG-IR-23-189 • CWE-23: Relative Path Traversal •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2023-44253
https://notcve.org/view.php?id=CVE-2023-44253
15 Feb 2024 — An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiManager version 7.4.0 through 7.4.1 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.1 and before 7.2.5 and FortiAnalyzer-BigData before 7.2.5 allows an adom administrator to enumerate other adoms and device names via crafted HTTP or HTTPS requests. Una exposición de información confidencial a una vulnerabilidad de actor no autorizado [CWE-200] en Fortinet FortiManager versión 7.4.0 a 7.4.1 y ante... • https://fortiguard.com/psirt/FG-IR-23-268 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-40719
https://notcve.org/view.php?id=CVE-2023-40719
14 Nov 2023 — A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials. Un uso de vulnerabilidad de credenciales codificadas en Fortinet FortiAnalyzer y FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 y 7.4.0 permite a un atacante acceder a datos de pruebas privados de Fortinet mediante el uso de credenciales estáticas. • https://fortiguard.com/psirt/FG-IR-23-177 • CWE-798: Use of Hard-coded Credentials •