Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Fortinet Subscribe
Filtered by product Fortimanager
Total 39 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-32597 1 Fortinet 2 Fortianalyzer, Fortimanager 2021-08-13 3.5 LOW 5.4 MEDIUM
Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters.
CVE-2021-32603 1 Fortinet 2 Fortianalyzer, Fortimanager 2021-08-12 4.0 MEDIUM 6.5 MEDIUM
A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and authenticated attacker to access unauthorized files and services on the system via specifically crafted web requests.
CVE-2021-32598 1 Fortinet 2 Fortianalyzer, Fortimanager 2021-08-12 4.0 MEDIUM 4.3 MEDIUM
An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response.
CVE-2021-24022 1 Fortinet 2 Fortianalyzer, Fortimanager 2021-07-29 2.1 LOW 4.4 MEDIUM
A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to perform a Denial of Service attack by running the `diagnose system geoip-city` command with a large ip value.
CVE-2020-12811 1 Fortinet 2 Fortianalyzer, Fortimanager 2020-09-30 4.3 MEDIUM 6.1 MEDIUM
An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field.
CVE-2019-17657 1 Fortinet 5 Fortianalyzer, Fortiap-s, Fortiap-w2 and 2 more 2020-04-08 5.0 MEDIUM 7.5 HIGH
An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.
CVE-2019-17654 1 Fortinet 1 Fortimanager 2020-03-19 6.8 MEDIUM 8.8 HIGH
An Insufficient Verification of Data Authenticity vulnerability in FortiManager 6.2.1, 6.2.0, 6.0.6 and below may allow an unauthenticated attacker to perform a Cross-Site WebSocket Hijacking (CSWSH) attack.
CVE-2015-3611 1 Fortinet 1 Fortimanager 2020-02-05 9.0 HIGH 8.8 HIGH
A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report.
CVE-2015-3612 1 Fortinet 1 Fortimanager 2020-02-05 3.5 LOW 5.4 MEDIUM
A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier via an unspecified parameter in the FortiWeb auto update service page.
CVE-2015-3613 1 Fortinet 1 Fortimanager 2020-02-05 7.5 HIGH 9.8 CRITICAL
A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page
CVE-2018-1351 1 Fortinet 1 Fortimanager 2020-01-22 3.5 LOW 4.8 MEDIUM
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log.
CVE-2018-1354 1 Fortinet 2 Fortianalyzer, Fortimanager 2019-10-02 4.0 MEDIUM 6.5 MEDIUM
An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.
CVE-2018-1360 1 Fortinet 1 Fortimanager 2019-10-02 4.3 MEDIUM 8.1 HIGH
A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.
CVE-2018-13375 1 Fortinet 2 Fortianalyzer, Fortimanager 2019-05-30 4.3 MEDIUM 6.1 MEDIUM
An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled).
CVE-2018-1355 1 Fortinet 2 Fortianalyzer, Fortimanager 2019-03-08 5.8 MEDIUM 6.1 MEDIUM
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.
CVE-2018-1353 1 Fortinet 1 Fortimanager 2018-10-25 4.0 MEDIUM 4.3 MEDIUM
An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom.
CVE-2014-2336 1 Fortinet 2 Fortianalyzer Firmware, Fortimanager 2017-08-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.
CVE-2015-7363 1 Fortinet 4 Fortianalyzer, Fortianalyzer Firmware, Fortimanager and 1 more 2017-07-29 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
CVE-2005-4570 1 Fortinet 3 Forticlient, Fortimanager, Fortios 2011-03-07 7.8 HIGH N/A
The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.