CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-32603
https://notcve.org/view.php?id=CVE-2021-32603
05 Aug 2021 — A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests. Una vulnerabilidad de tipo server-side request forgery (SSRF) (CWE-918) en FortiManager y FortiAnalyser GUI versiones 7.0.0, versiones 6.4.5 y por debajo, versiones 6.2.7 y por debajo, versiones 6... • https://fortiguard.com/advisory/FG-IR-21-050 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-32598
https://notcve.org/view.php?id=CVE-2021-32598
05 Aug 2021 — An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. Una vulnerabilidad de neutralización inapropiada de las secuencias CRLF en los encabezados HTTP ("HTTP Response Splitting")... • https://fortiguard.com/advisory/FG-IR-21-063 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-24022
https://notcve.org/view.php?id=CVE-2021-24022
20 Jul 2021 — A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value. Una vulnerabilidad de desbordamiento de búfer en FortiAnalyzer CLI versiones 6.4.5 y posteriores, versiones 6.2.7 y posteriores, versiones 6.0.x y FortiManager CLI versiones 6.4.5 y posteriores, 6.2.7 y... • https://fortiguard.com/advisory/FG-IR-20-194 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12811
https://notcve.org/view.php?id=CVE-2020-12811
24 Sep 2020 — An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field. Una neutralización incorrecta de las etiquetas HTML relacionadas con script en una página web en FortiManager versiones 6.2.0, 6.2.1, 6.2.2 y 6.2.3 y FortiAnalyzer versiones 6.2.0, 6.2.1, 6.2.2 y 6.2.3, puede permitir a un atacante ejecutar un cros... • https://fortiguard.com/advisory/FG-IR-20-005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2020-9289
https://notcve.org/view.php?id=CVE-2020-9289
16 Jun 2020 — Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. Un uso de una clave criptográfica embebida para cifrar datos de contraseña en la configuración de la CLI en FortiManager versiones 6.2.3 y posteriores, FortiAnalyzer versiones 6.2.3 y posteriores puede permitir a un... • https://github.com/synacktiv/CVE-2020-9289 • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-17657
https://notcve.org/view.php?id=CVE-2019-17657
07 Apr 2020 — An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks. Una vulnerabilidad de Consumo No Controlado de Recursos en Fortinet FortiSwitch por debajo de las versiones 3.6.11, 6.0.6 y 6.2.2, FortiAnalyzer ... • https://fortiguard.com/psirt/FG-IR-19-013 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17654
https://notcve.org/view.php?id=CVE-2019-17654
15 Mar 2020 — An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack. Una vulnerabilidad de Verificación Insuficiente de la Autenticidad de Datos en FortiManager versiones 6.2.1, 6.2.0, 6.0.6 y por debajo, puede permitir a un atacante no autenticado llevar a cabo un ataque de tipo Cross-Site WebSocket Hijacking (CSWSH). • https://fortiguard.com/psirt/FG-IR-19-191 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2015-3613
https://notcve.org/view.php?id=CVE-2015-3613
04 Feb 2020 — A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page Se presenta una vulnerabilidad en FortiManager versiones 5.2.1 y anteriores y versiones 5.0.10 y anteriores, en la página de respaldo FTP de la Interfaz de Usuario Web. • http://www.securityfocus.com/bid/74444 • CWE-269: Improper Privilege Management •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3612
https://notcve.org/view.php?id=CVE-2015-3612
04 Feb 2020 — A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page. Se presenta una vulnerabilidad de tipo Cross-site Scripting (XSS) en FortiManager versiones 5.2.1 y anteriores y versiones 5.0.10 y anteriores, por medio de un parámetro no especificado en la página del servicio de actualización automática de FortiWeb. • http://www.securityfocus.com/bid/74444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 1%CPEs: 2EXPL: 0CVE-2015-3611
https://notcve.org/view.php?id=CVE-2015-3611
04 Feb 2020 — A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report. Se presenta una vulnerabilidad de Inyección de Comandos en FortiManager versiones 5.2.1 y anteriores y FortiManager versiones 5.0.10 y anteriores, por medio de vectores no especificados, lo que podría permitir a un usuario malicioso ejecutar comandos de sistema cuando realiza un reporte. • http://www.securityfocus.com/bid/74444 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •