CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2015-3614
https://notcve.org/view.php?id=CVE-2015-3614
11 Aug 2017 — Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. Fortinet FortiManager en sus versiones 5.0.x anteriores a la 5.0.11, y en versiones 5.2.x anteriores a la 5.2.2 permite que atacantes remotos obtengan archivos arbitrarios mediante vectores que implican otra vulnerabilidad sin especificar. • http://www.securityfocus.com/bid/74444 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 16EXPL: 0CVE-2015-3615
https://notcve.org/view.php?id=CVE-2015-3615
11 Aug 2017 — Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Fortinet FortiManager en sus versiones 5.0.x anteriores a la 5.0.11, y versiones 5.2.x anteriores a la 5.2.2 permite que usuarios remotos autenticados inyecten scripts web o HTML arbitrarios media... • http://www.securityfocus.com/bid/74444 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0CVE-2015-3616
https://notcve.org/view.php?id=CVE-2015-3616
11 Aug 2017 — SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. Una vulnerabilidad de inyección SQL en Fortinet FortiManager en sus versiones 5.0.x anteriores a la 5.0.11, y versiones 5.2.x anteriores a la 5.2.2 permite que atacantes remotos ejecuten comandos arbitrarios mediante parámetros sin especificar. • http://www.securityfocus.com/bid/74444 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •