CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0CVE-2015-3616
https://notcve.org/view.php?id=CVE-2015-3616
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. Una vulnerabilidad de inyección SQL en Fortinet FortiManager en sus versiones 5.0.x anteriores a la 5.0.11, y versiones 5.2.x anteriores a la 5.2.2 permite que atacantes remotos ejecuten comandos arbitrarios mediante parámetros sin especificar. • http://www.securityfocus.com/bid/74444 http://www.securitytracker.com/id/1032188 https://fortiguard.com/psirt/FG-IR-15-011 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2015-3614
https://notcve.org/view.php?id=CVE-2015-3614
Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. Fortinet FortiManager en sus versiones 5.0.x anteriores a la 5.0.11, y en versiones 5.2.x anteriores a la 5.2.2 permite que atacantes remotos obtengan archivos arbitrarios mediante vectores que implican otra vulnerabilidad sin especificar. • http://www.securityfocus.com/bid/74444 http://www.securitytracker.com/id/1032188 https://fortiguard.com/psirt/FG-IR-15-011 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 16EXPL: 0CVE-2015-3615
https://notcve.org/view.php?id=CVE-2015-3615
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Fortinet FortiManager en sus versiones 5.0.x anteriores a la 5.0.11, y versiones 5.2.x anteriores a la 5.2.2 permite que usuarios remotos autenticados inyecten scripts web o HTML arbitrarios mediante vectores que implican parámetros sin especificar y un ataque de escalado de privilegios. • http://www.securityfocus.com/bid/74444 http://www.securitytracker.com/id/1032188 https://fortiguard.com/psirt/FG-IR-15-011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •