cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-39950,https://securityvulnerability.io/vulnerability/CVE-2022-39950,Cross-Site Scripting Vulnerability in FortiManager and FortiAnalyzer,"An input validation flaw exists in FortiManager and FortiAnalyzer products that permits low privilege attackers to exploit web page generation processes. This vulnerability arises when malformed comments are submitted via CKeditor's 'protected' comment feature, leading to potential Cross-Site Scripting (XSS) attacks. By leveraging this flaw, attackers can execute arbitrary scripts in the context of a victim's session, potentially compromising sensitive information and integrity of the affected applications.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",8,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2022-11-02T00:00:00.000Z,0
CVE-2022-27483,https://securityvulnerability.io/vulnerability/CVE-2022-27483,OS Command Injection Vulnerability in Fortinet FortiManager and FortiAnalyzer,"An OS command injection vulnerability exists in Fortinet's FortiManager and FortiAnalyzer, where inadequate neutralization of special elements in command-line instructions can be exploited by an attacker. This vulnerability affects several versions, allowing unauthorized execution of arbitrary shell commands as the 'root' user through 'diagnose system' command line interface commands. If exploited, it poses a significant risk to the integrity and confidentiality of the affected systems.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",7.2,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2022-07-19T14:15:00.000Z,0
CVE-2022-26118,https://securityvulnerability.io/vulnerability/CVE-2022-26118,Privilege Escalation in FortiManager and FortiAnalyzer by Fortinet,"A privilege chaining vulnerability exists in FortiManager and FortiAnalyzer, where local authenticated attackers with restricted shell access can exploit incorrect permissions on certain folders and executable files. This weakness allows them to escalate their privileges to root, leading to unauthorized access and potential compromise of system integrity.",Fortinet,"Fortinet Fortimanager , Fortianalyzer",6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-07-18T16:40:52.000Z,0
CVE-2021-26104,https://securityvulnerability.io/vulnerability/CVE-2021-26104,OS Command Injection Vulnerabilities in FortiManager and FortiAnalyzer,"Multiple vulnerabilities exist within the command line interface of FortiManager, FortiAnalyzer, and FortiPortal. These vulnerabilities allow a local authenticated and unprivileged user the ability to craft specific command line parameters, thereby executing arbitrary shell commands with root privileges. This issue can lead to significant security risks, including unauthorized access and potential system compromise.",Fortinet,"Fortinet Fortimanager, Fortianalyzer, Fortiportal",7.8,HIGH,0.010730000212788582,false,,false,false,false,,,false,false,,2022-04-06T16:00:20.000Z,0
CVE-2022-22300,https://securityvulnerability.io/vulnerability/CVE-2022-22300,Improper Permissions Handling in Fortinet FortiAnalyzer and FortiManager Products,"The vulnerability in Fortinet's FortiAnalyzer and FortiManager products occurs due to improper handling of insufficient permissions, allowing an attacker to bypass device policies. This exploit enables unauthorized users to force a password change action for legitimate user accounts, potentially compromising system integrity and security. Versions of FortiAnalyzer and FortiManager from 5.6.0 to 7.0.2 are affected, emphasizing the need for immediate attention to secure environments utilizing these products.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",4.3,MEDIUM,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-03-01T18:25:16.000Z,0
CVE-2021-36170,https://securityvulnerability.io/vulnerability/CVE-2021-36170,Information Disclosure Vulnerability in FortiAnalyzerVM and FortiManagerVM by Fortinet,"An information disclosure vulnerability has been identified in FortiAnalyzerVM and FortiManagerVM that may enable an authenticated attacker to access FortiCloud credentials in cleartext. This information can be exploited by malicious actors if they gain access to the affected systems, potentially compromising the security of the trial license activation process.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",3.2,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-10-06T09:22:29.000Z,0
CVE-2021-32587,https://securityvulnerability.io/vulnerability/CVE-2021-32587,Improper Access Control in FortiManager and FortiAnalyzer by Fortinet,"An improper access control vulnerability exists in the GUI interface of FortiManager and FortiAnalyzer, allowing a remote authenticated user with restricted privileges to access and enumerate sensitive information. Specifically, this flaw could enable attackers to retrieve a list of administrative users across other ADOMs and their associated configurations, potentially leading to unauthorized access and elevation of privileges. Organizations using affected versions should prioritize remediation to safeguard sensitive user information and maintain security integrity. For detailed information, please refer to the advisory at Fortiguard.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-08-06T10:51:07.000Z,0
CVE-2021-32597,https://securityvulnerability.io/vulnerability/CVE-2021-32597,Cross Site Scripting Vulnerability in FortiManager and FortiAnalyzer by Fortinet,"A vulnerability exists in FortiManager and FortiAnalyzer that allows for improper neutralization of input when generating web pages. This may enable an authenticated remote attacker to exploit this flaw, permitting them to inject malicious scripts into GET parameters. Success in this attack can lead to the execution of arbitrary JavaScript code in the context of the victim's browser session, potentially compromising sensitive user data.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",4.6,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2021-08-06T10:48:20.000Z,0
CVE-2021-32603,https://securityvulnerability.io/vulnerability/CVE-2021-32603,Server-Side Request Forgery in FortiManager and FortiAnalyser,"A server-side request forgery (SSRF) vulnerability exists in FortiManager and FortiAnalyser, allowing authenticated attackers to craft specific web requests that may expose unauthorized files and services on the system. This vulnerability could be exploited by an attacker to access sensitive resources, potentially leading to further system compromises. Proper input validation and robust security measures are vital to mitigate such risks.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",8.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-08-05T10:41:00.000Z,0
CVE-2021-32598,https://securityvulnerability.io/vulnerability/CVE-2021-32598,HTTP Response Splitting Vulnerability in Fortinet FortiManager and FortiAnalyzer,"This vulnerability arises from inadequate handling of CRLF sequences in HTTP headers within the FortiManager and FortiAnalyzer graphical user interfaces. An authenticated attacker can exploit this weakness by initiating an HTTP request splitting attack, which allows them to manipulate the response headers and body. This can lead to various security risks, including controlling the response sent by the affected system.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",4.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,,false,false,,2021-08-05T10:35:45.000Z,0
CVE-2021-24022,https://securityvulnerability.io/vulnerability/CVE-2021-24022,Buffer Overflow Vulnerability in Fortinet FortiAnalyzer and FortiManager Products,"A buffer overflow vulnerability exists in Fortinet's FortiAnalyzer and FortiManager Command Line Interface (CLI). This issue can be exploited by an authenticated local attacker who executes the 'diagnose system geoip-city' command with a disproportionately large IP value, potentially leading to a Denial of Service. Affected versions include FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, and 6.0.x, as well as FortiManager CLI 6.4.5 and below, 6.2.7 and below, and 6.0.x. Users are advised to apply the appropriate updates to mitigate this risk.",Fortinet,"Fortinet Fortianalyzer, Fortimanager",6.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2021-07-20T10:32:49.000Z,0
CVE-2020-12811,https://securityvulnerability.io/vulnerability/CVE-2020-12811,Cross-Site Scripting Vulnerability in FortiManager and FortiAnalyzer Products,"An improper handling of script-related HTML tags in web pages of FortiManager and FortiAnalyzer products allows malicious actors to inject and execute arbitrary scripts through the Identify Provider name field. This vulnerability could lead to unauthorized actions, data loss, or exposure of sensitive information from users interacting with the compromised web interface.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-09-24T13:36:12.000Z,0
CVE-2019-17657,https://securityvulnerability.io/vulnerability/CVE-2019-17657,"Uncontrolled Resource Consumption in Fortinet FortiSwitch, FortiAnalyzer, FortiManager, and FortiAP","An Uncontrolled Resource Consumption vulnerability exists in Fortinet's FortiSwitch, FortiAnalyzer, FortiManager, and FortiAP products. This issue allows an attacker to exploit specially crafted HTTP requests and responses, leading to a Denial of Service (DoS) condition on the admin webUI. The vulnerability is particularly sensitive to Slow HTTP DoS attacks, which can disrupt the normal operation of these devices and affect service availability.",Fortinet,"Fortinet Fortiswitch,Fortianalyzer,Fortimanager,Fortiap-s/w2",7.5,HIGH,0.0022299999836832285,false,,false,false,false,,,false,false,,2020-04-07T17:11:07.000Z,0
CVE-2017-17541,https://securityvulnerability.io/vulnerability/CVE-2017-17541,,"A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",6.1,MEDIUM,0.001019999966956675,false,,false,false,false,,,false,false,,2018-07-16T20:00:00.000Z,0
CVE-2018-1354,https://securityvulnerability.io/vulnerability/CVE-2018-1354,,"An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",6.5,MEDIUM,0.0023300000466406345,false,,false,false,false,,,false,false,,2018-06-27T20:00:00.000Z,0
CVE-2018-1355,https://securityvulnerability.io/vulnerability/CVE-2018-1355,,"An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.",Fortinet,"Fortinet Fortimanager, Fortianalyzer",6.1,MEDIUM,0.002050000010058284,false,,false,false,false,,,false,false,,2018-06-27T00:00:00.000Z,0
CVE-2017-3126,https://securityvulnerability.io/vulnerability/CVE-2017-3126,,An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.,Fortinet,"Fortinet Fortianalyzer, Fortimanager",6.1,MEDIUM,0.0018599999602884054,false,,false,false,false,,,false,false,,2017-05-27T00:29:00.000Z,0