CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12811
https://notcve.org/view.php?id=CVE-2020-12811
24 Sep 2020 — An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field. Una neutralización incorrecta de las etiquetas HTML relacionadas con script en una página web en FortiManager versiones 6.2.0, 6.2.1, 6.2.2 y 6.2.3 y FortiAnalyzer versiones 6.2.0, 6.2.1, 6.2.2 y 6.2.3, puede permitir a un atacante ejecutar un cros... • https://fortiguard.com/advisory/FG-IR-20-005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-9289
https://notcve.org/view.php?id=CVE-2020-9289
16 Jun 2020 — Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. Un uso de una clave criptográfica embebida para cifrar datos de contraseña en la configuración de la CLI en FortiManager versiones 6.2.3 y posteriores, FortiAnalyzer versiones 6.2.3 y posteriores puede permitir a un... • https://github.com/synacktiv/CVE-2020-9289 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-17657
https://notcve.org/view.php?id=CVE-2019-17657
07 Apr 2020 — An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. Una vulnerabilidad de Consumo No Controlado de Recursos en Fortinet FortiSwitch por debajo de las versiones 3.6.11, 6.0.6 y 6.2.2, FortiAnalyzer ... • https://fortiguard.com/psirt/FG-IR-19-013 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17654
https://notcve.org/view.php?id=CVE-2019-17654
15 Mar 2020 — An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. Una vulnerabilidad de Verificación Insuficiente de la Autenticidad de Datos en FortiManager versiones 6.2.1, 6.2.0, 6.0.6 y por debajo, puede permitir a un atacante no autenticado llevar a cabo un ataque de tipo Cross-Site WebSocket Hijacking (CSWSH). • https://fortiguard.com/psirt/FG-IR-19-191 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6695
https://notcve.org/view.php?id=CVE-2019-6695
23 Aug 2019 — Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods. La falta de comprobación de integridad del sistema de archivos raíz en las imágenes de la aplicación Fortinet FortiManager VM de 6.2.0, 6.0.6 y posteriores puede permitir que un atacante implante programas de terceros al recrear la imagen a través de métodos específicos. • https://fortiguard.com/advisory/FG-IR-19-017 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-13375
https://notcve.org/view.php?id=CVE-2018-13375
28 May 2019 — An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled). Una neutralización inapropiada de las etiquetas HTML relacionadas con scripting en Fortinet FortiAnalyzer versión 5.6.0 y anteriores y FortiManager versi... • https://fortiguard.com/advisory/FG-IR-18-121 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1353
https://notcve.org/view.php?id=CVE-2018-1353
05 Sep 2018 — An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom. Una vulnerabilidad de divulgación de información en Fortinet FortiManager en versiones 6.0.1 y anteriores permite que un usuario estándar con un assignment adom lea las opciones de interfaz de vdoms que no están relacionadas con el adom asignado. • https://fortiguard.com/advisory/FG-IR-18-016 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1351
https://notcve.org/view.php?id=CVE-2018-1351
28 Jun 2018 — A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log. Una vulnerabilidad Cross-Site Scripting (XSS) en Fortinet FortiManager en versiones 6.0.0, 5.6.6 y anteriores permite que un atacante ejecute código HTML/javascript mediante comandos de interfaz de línea de comandos CLI de los dispositivos remotos administrados al v... • http://www.securityfocus.com/bid/104533 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1354
https://notcve.org/view.php?id=CVE-2018-1354
27 Jun 2018 — An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content. Una vulnerabilidad de control de acceso incorrecto en Fortinet FortiManager en versiones 6.0.0 y 5.6.5 y anteriores y FortiAnalyzer en versiones 6.0.0 y 5.6.5 y anteriores permite que un usuario regular edite la imagen de avatar de otros usuarios con contenido arbitrario. • http://www.securityfocus.com/bid/104537 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1355
https://notcve.org/view.php?id=CVE-2018-1355
27 Jun 2018 — An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs. Una vulnerabilidad de redirección abierta en Fortinet FortiManager en versiones 6.0.0, 5.6.5 y anteriores y en FortiAnalyzer en versi... • http://www.securityfocus.com/bid/104546 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •