CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-25609
https://notcve.org/view.php?id=CVE-2023-25609
A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests. • https://fortiguard.com/psirt/FG-IR-22-493 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-22642
https://notcve.org/view.php?id=CVE-2023-22642
An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources. • https://fortiguard.com/psirt/FG-IR-22-502 • CWE-295: Improper Certificate Validation •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42477
https://notcve.org/view.php?id=CVE-2022-42477
An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries. • https://fortiguard.com/psirt/FG-IR-22-432 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2022-27490
https://notcve.org/view.php?id=CVE-2022-27490
A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands. • https://fortiguard.com/psirt/FG-IR-18-232 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-23776
https://notcve.org/view.php?id=CVE-2023-23776
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer • https://fortiguard.com/psirt/FG-IR-22-447 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •