Fortinet FortiAnalyzer 5.0.5

CPE Details

Fortinet FortiAnalyzer 5.0.5
fortinet
fortianalyzer
5.0.5
2019-05-29
10h58 +00:00
2019-05-29
10h58 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:fortinet:fortianalyzer:5.0.5:*:*:*:*:*:*:*

Informations

Vendor

fortinet

Product

fortianalyzer

Version

5.0.5

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2021-36170 2021-10-06 07h22 +00:00 An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.
3.2
Bas
CVE-2021-32597 2021-08-06 08h48 +00:00 Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters.
5.4
Moyen
CVE-2020-12815 2020-09-24 11h33 +00:00 An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields.
5.4
Moyen
CVE-2020-9289 2020-06-16 18h12 +00:00 Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.
7.5
Haute
CVE-2020-6640 2020-06-04 10h47 +00:00 An improper neutralization of input vulnerability in the Admin Profile of FortiAnalyzer may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the Description Area.
5.4
Moyen
CVE-2019-17657 2020-04-07 15h11 +00:00 An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.
7.5
Haute
CVE-2018-13375 2019-05-28 16h33 +00:00 An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in FortiAnalyzer and FortiManager (with FortiAnalyzer feature enabled).
6.1
Moyen
CVE-2018-1355 2018-06-27 20h00 +00:00 An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs.
6.1
Moyen
CVE-2018-1354 2018-06-27 18h00 +00:00 An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other users with arbitrary content.
6.5
Moyen
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.