cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-39950,https://securityvulnerability.io/vulnerability/CVE-2022-39950,,"An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor ""protected"" comment as described in CVE-2020-9281.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",8,HIGH,0.000539999979082495,false,false,false,false,,false,false,2022-11-02T00:00:00.000Z,0
CVE-2022-27483,https://securityvulnerability.io/vulnerability/CVE-2022-27483,,"A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",7.2,HIGH,0.0013200000394135714,false,false,false,false,,false,false,2022-07-19T14:15:00.000Z,0
CVE-2022-26118,https://securityvulnerability.io/vulnerability/CVE-2022-26118,,"A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system.",Fortinet,"Fortinet Fortimanager , Fortianalyzer",6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-07-18T16:40:52.000Z,0
CVE-2021-26104,https://securityvulnerability.io/vulnerability/CVE-2021-26104,,"Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, FortiAnalyzer 6.2.7 and below, 6.4.5 and below and all versions of 6.2.x, 6.0.x and 5.6.x, and FortiPortal 5.2.5 and below, 5.3.5 and below and 6.0.4 and below may allow a local authenticated and unprivileged user to execute arbitrary shell commands as root via specifically crafted CLI command parameters.",Fortinet,"Fortinet Fortimanager, Fortianalyzer, Fortiportal",7.8,HIGH,0.010730000212788582,false,false,false,false,,false,false,2022-04-06T16:00:20.000Z,0
CVE-2022-22300,https://securityvulnerability.io/vulnerability/CVE-2022-22300,,"A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5.6.0 through 5.6.11, FortiAnalyzer version 6.0.0 through 6.0.11, FortiAnalyzer version 6.2.0 through 6.2.9, FortiAnalyzer version 6.4.0 through 6.4.7, FortiAnalyzer version 7.0.0 through 7 .0.2, FortiManager version 5.6.0 through 5.6.11, FortiManager version 6.0.0 through 6.0.11, FortiManager version 6.2.0 through 6.2.9, FortiManager version 6.4.0 through 6.4.7, FortiManager version 7.0.0 through 7.0.2 allows attacker to bypass the device policy and force the password-change action for its user.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",4.3,MEDIUM,0.0010400000028312206,false,false,false,false,,false,false,2022-03-01T18:25:16.000Z,0
CVE-2021-36170,https://securityvulnerability.io/vulnerability/CVE-2021-36170,,An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.,Fortinet,"Fortinet Fortimanager, Fortianalyzer",3.2,LOW,0.0004400000034365803,false,false,false,false,,false,false,2021-10-06T09:22:29.000Z,0
CVE-2021-32587,https://securityvulnerability.io/vulnerability/CVE-2021-32587,,"An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.5 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker with restricted user profile to retrieve the list of administrative users of other ADOMs and their related configuration.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-08-06T10:51:07.000Z,0
CVE-2021-32597,https://securityvulnerability.io/vulnerability/CVE-2021-32597,,"Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",4.6,MEDIUM,0.0006600000197067857,false,false,false,false,,false,false,2021-08-06T10:48:20.000Z,0
CVE-2021-32603,https://securityvulnerability.io/vulnerability/CVE-2021-32603,,"A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",8.8,HIGH,0.0006500000017695129,false,false,false,false,,false,false,2021-08-05T10:41:00.000Z,0
CVE-2021-32598,https://securityvulnerability.io/vulnerability/CVE-2021-32598,,"An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",4.3,MEDIUM,0.0008200000156648457,false,false,false,false,,false,false,2021-08-05T10:35:45.000Z,0
CVE-2021-24022,https://securityvulnerability.io/vulnerability/CVE-2021-24022,,"A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",6.7,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2021-07-20T10:32:49.000Z,0
CVE-2020-12811,https://securityvulnerability.io/vulnerability/CVE-2020-12811,,"An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",6.1,MEDIUM,0.0007800000021234155,false,false,false,false,,false,false,2020-09-24T13:36:12.000Z,0
CVE-2019-17657,https://securityvulnerability.io/vulnerability/CVE-2019-17657,,"An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.",Fortinet,"Fortinet Fortiswitch,Fortianalyzer,Fortimanager,Fortiap-s/w2",7.5,HIGH,0.0022299999836832285,false,false,false,false,,false,false,2020-04-07T17:11:07.000Z,0
CVE-2017-17541,https://securityvulnerability.io/vulnerability/CVE-2017-17541,,"A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",6.1,MEDIUM,0.001019999966956675,false,false,false,false,,false,false,2018-07-16T20:00:00.000Z,0
CVE-2018-1354,https://securityvulnerability.io/vulnerability/CVE-2018-1354,,"An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",6.5,MEDIUM,0.0023300000466406345,false,false,false,false,,false,false,2018-06-27T20:00:00.000Z,0
CVE-2018-1355,https://securityvulnerability.io/vulnerability/CVE-2018-1355,,"An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature.  An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",6.1,MEDIUM,0.002050000010058284,false,false,false,false,,false,false,2018-06-27T00:00:00.000Z,0
CVE-2017-3126,https://securityvulnerability.io/vulnerability/CVE-2017-3126,,An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.,Fortinet,"Fortinet Fortianalyzer, Fortimanager",6.1,MEDIUM,0.0018599999602884054,false,false,false,false,,false,false,2017-05-27T00:29:00.000Z,0