45 vulnerabilities found for fortimanager_firmware by fortinet
FKIE_CVE-2017-17541
Vulnerability from fkie_nvd - Published: 2018-07-16 20:29 - Updated: 2024-11-21 03:18
Summary
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0 and 5.6.4 and below, and FortiAnalyzer 6.0.0 and 5.6.4 and below, allows an attacker to inject JavaScript code and HTML tags through the CN value of CA and CRL certificates via the CA and CRL certificate import feature.
References
| Source | URL | Tags | |
|---|---|---|---|
| psirt@fortinet.com | http://www.securitytracker.com/id/1041246 | Third Party Advisory, VDB Entry | |
| psirt@fortinet.com | http://www.securitytracker.com/id/1041247 | Third Party Advisory, VDB Entry | |
| psirt@fortinet.com | https://fortiguard.com/advisory/FG-IR-17-305 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041246 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041247 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/advisory/FG-IR-17-305 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortianalyzer_firmware | * | |
| fortinet | fortianalyzer_firmware | 6.0.0 | |
| fortinet | fortimanager_firmware | * | |
| fortinet | fortimanager_firmware | 6.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14395CC2-7264-4F1C-BB71-BA70BB97980F",
"versionEndIncluding": "5.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9E13C1-4CEC-45FD-B7BE-207537565BBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEBC8DBF-8BC5-4DD8-A724-985DE305EA04",
"versionEndIncluding": "5.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "86E0D6CE-4731-4A1E-BFEE-E57EEF25F63B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en Fortinet FortiManager 6.0.0, 5.6.4 y anteriores y FortiAnalyzer 6.0.0, 5.6.4 y anteriores permite inyectar c\u00f3digo JavaScript y etiquetas HTML mediante el valor CN de los certificados CA y CRL mediante la caracter\u00edstica de importaci\u00f3n de certificados CA y CRL."
}
],
"id": "CVE-2017-17541",
"lastModified": "2024-11-21T03:18:08.103",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-16T20:29:00.270",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041246"
},
{
"source": "psirt@fortinet.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041247"
},
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/advisory/FG-IR-17-305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041247"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/advisory/FG-IR-17-305"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3617
Vulnerability from fkie_nvd - Published: 2017-08-22 15:29 - Updated: 2025-04-20 01:37
Summary
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/74444 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1032188 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://fortiguard.com/psirt/FG-IR-15-011 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74444 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032188 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-15-011 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortimanager_firmware | 5.0.0 | |
| fortinet | fortimanager_firmware | 5.0.1 | |
| fortinet | fortimanager_firmware | 5.0.2 | |
| fortinet | fortimanager_firmware | 5.0.3 | |
| fortinet | fortimanager_firmware | 5.0.4 | |
| fortinet | fortimanager_firmware | 5.0.5 | |
| fortinet | fortimanager_firmware | 5.0.6 | |
| fortinet | fortimanager_firmware | 5.0.7 | |
| fortinet | fortimanager_firmware | 5.0.8 | |
| fortinet | fortimanager_firmware | 5.0.9 | |
| fortinet | fortimanager_firmware | 5.0.10 | |
| fortinet | fortimanager_firmware | 5.2.0 | |
| fortinet | fortimanager_firmware | 5.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "833C89CE-43F0-4F6E-8A4F-504EA5F16319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C96F78B0-2F6E-4A28-B0B8-CCE3638DCCDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68D3536B-652C-4642-9FF9-5A7CFDBB7DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands."
},
{
"lang": "es",
"value": "Fortinet FortiManager 5.0 en versiones anteriores a la 5.0.11 y 5.2 en versiones anteriores a la 5.2.2 permite que usuarios locales obtengan privilegios mediante comandos CLI manipulados."
}
],
"id": "CVE-2015-3617",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-22T15:29:00.290",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032188"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3615
Vulnerability from fkie_nvd - Published: 2017-08-11 21:29 - Updated: 2025-04-20 01:37
Summary
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/74444 | ||
| cve@mitre.org | http://www.securitytracker.com/id/1032188 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://fortiguard.com/psirt/FG-IR-15-011 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74444 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032188 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-15-011 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortimanager_firmware | 5.0.3 | |
| fortinet | fortimanager_firmware | 5.0.4 | |
| fortinet | fortimanager_firmware | 5.0.5 | |
| fortinet | fortimanager_firmware | 5.0.6 | |
| fortinet | fortimanager_firmware | 5.0.7 | |
| fortinet | fortimanager_firmware | 5.0.8 | |
| fortinet | fortimanager_firmware | 5.0.9 | |
| fortinet | fortimanager_firmware | 5.0.10 | |
| fortinet | fortimanager_firmware | 5.2.0 | |
| fortinet | fortimanager_firmware | 5.2.1 | |
| fortinet | fortimanager_2000e | - | |
| fortinet | fortimanager_200d | - | |
| fortinet | fortimanager_3000f | - | |
| fortinet | fortimanager_300e | - | |
| fortinet | fortimanager_3900e | - | |
| fortinet | fortimanager_400e | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_2000e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F721DFB2-5ABA-48B9-943E-30A143EAC28E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_200d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF33648-375E-4BE8-AEB9-6348370A0362",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_3000f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0F28C8-34F7-4B42-BC89-D79D912C314B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37A488B2-735F-4BC5-BC06-28330E4226C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_3900e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9FC4D8-A8F5-4BF2-BFE7-0DCF813A0A98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_400e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD6CB6E-760E-4742-847A-EF4261288FB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Fortinet FortiManager en sus versiones 5.0.x anteriores a la 5.0.11, y versiones 5.2.x anteriores a la 5.2.2 permite que usuarios remotos autenticados inyecten scripts web o HTML arbitrarios mediante vectores que implican par\u00e1metros sin especificar y un ataque de escalado de privilegios."
}
],
"id": "CVE-2015-3615",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-11T21:29:00.370",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74444"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032188"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3614
Vulnerability from fkie_nvd - Published: 2017-08-11 21:29 - Updated: 2025-04-20 01:37
Summary
Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/74444 | ||
| cve@mitre.org | http://www.securitytracker.com/id/1032188 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://fortiguard.com/psirt/FG-IR-15-011 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74444 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032188 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-15-011 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortimanager_firmware | 5.0.0 | |
| fortinet | fortimanager_firmware | 5.0.1 | |
| fortinet | fortimanager_firmware | 5.0.2 | |
| fortinet | fortimanager_firmware | 5.0.3 | |
| fortinet | fortimanager_firmware | 5.0.4 | |
| fortinet | fortimanager_firmware | 5.0.5 | |
| fortinet | fortimanager_firmware | 5.0.6 | |
| fortinet | fortimanager_firmware | 5.0.7 | |
| fortinet | fortimanager_firmware | 5.0.8 | |
| fortinet | fortimanager_firmware | 5.0.9 | |
| fortinet | fortimanager_firmware | 5.0.10 | |
| fortinet | fortimanager_firmware | 5.2.0 | |
| fortinet | fortimanager_firmware | 5.2.1 | |
| fortinet | fortimanager_2000e | - | |
| fortinet | fortimanager_200d | - | |
| fortinet | fortimanager_3000f | - | |
| fortinet | fortimanager_300e | - | |
| fortinet | fortimanager_3900e | - | |
| fortinet | fortimanager_400e | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "833C89CE-43F0-4F6E-8A4F-504EA5F16319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C96F78B0-2F6E-4A28-B0B8-CCE3638DCCDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68D3536B-652C-4642-9FF9-5A7CFDBB7DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_2000e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F721DFB2-5ABA-48B9-943E-30A143EAC28E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_200d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF33648-375E-4BE8-AEB9-6348370A0362",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_3000f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0F28C8-34F7-4B42-BC89-D79D912C314B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37A488B2-735F-4BC5-BC06-28330E4226C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_3900e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9FC4D8-A8F5-4BF2-BFE7-0DCF813A0A98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_400e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD6CB6E-760E-4742-847A-EF4261288FB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability."
},
{
"lang": "es",
"value": "Fortinet FortiManager en sus versiones 5.0.x anteriores a la 5.0.11, y en versiones 5.2.x anteriores a la 5.2.2 permite que atacantes remotos obtengan archivos arbitrarios mediante vectores que implican otra vulnerabilidad sin especificar."
}
],
"id": "CVE-2015-3614",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-11T21:29:00.323",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74444"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032188"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3616
Vulnerability from fkie_nvd - Published: 2017-08-11 21:29 - Updated: 2025-04-20 01:37
Summary
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/74444 | ||
| cve@mitre.org | http://www.securitytracker.com/id/1032188 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://fortiguard.com/psirt/FG-IR-15-011 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/74444 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1032188 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/psirt/FG-IR-15-011 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortimanager_firmware | 5.0.0 | |
| fortinet | fortimanager_firmware | 5.0.1 | |
| fortinet | fortimanager_firmware | 5.0.2 | |
| fortinet | fortimanager_firmware | 5.0.3 | |
| fortinet | fortimanager_firmware | 5.0.4 | |
| fortinet | fortimanager_firmware | 5.0.5 | |
| fortinet | fortimanager_firmware | 5.0.6 | |
| fortinet | fortimanager_firmware | 5.0.7 | |
| fortinet | fortimanager_firmware | 5.0.8 | |
| fortinet | fortimanager_firmware | 5.0.9 | |
| fortinet | fortimanager_firmware | 5.0.10 | |
| fortinet | fortimanager_firmware | 5.2.0 | |
| fortinet | fortimanager_firmware | 5.2.1 | |
| fortinet | fortimanager_2000e | - | |
| fortinet | fortimanager_200d | - | |
| fortinet | fortimanager_3000f | - | |
| fortinet | fortimanager_300e | - | |
| fortinet | fortimanager_3900e | - | |
| fortinet | fortimanager_400e | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "833C89CE-43F0-4F6E-8A4F-504EA5F16319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C96F78B0-2F6E-4A28-B0B8-CCE3638DCCDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68D3536B-652C-4642-9FF9-5A7CFDBB7DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_2000e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F721DFB2-5ABA-48B9-943E-30A143EAC28E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_200d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF33648-375E-4BE8-AEB9-6348370A0362",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_3000f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0F28C8-34F7-4B42-BC89-D79D912C314B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_300e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37A488B2-735F-4BC5-BC06-28330E4226C4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_3900e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D9FC4D8-A8F5-4BF2-BFE7-0DCF813A0A98",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:fortinet:fortimanager_400e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BD6CB6E-760E-4742-847A-EF4261288FB7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Fortinet FortiManager en sus versiones 5.0.x anteriores a la 5.0.11, y versiones 5.2.x anteriores a la 5.2.2 permite que atacantes remotos ejecuten comandos arbitrarios mediante par\u00e1metros sin especificar."
}
],
"id": "CVE-2015-3616",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-11T21:29:00.447",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74444"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032188"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-3126
Vulnerability from fkie_nvd - Published: 2017-05-27 00:29 - Updated: 2025-04-20 01:37
Severity: 6.1 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, NVD primary metric from the record below)
Summary
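An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.
Note: the record below classifies this as CWE-601 with CVSS 3.0 impact C:L/I:L/A:N and user interaction required, so the "execute unauthorized code or commands" wording likely overstates the direct impact on the appliance; triage it as a redirect that depends on a user following a crafted link.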
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortianalyzer_firmware | 5.4.0 | |
| fortinet | fortianalyzer_firmware | 5.4.1 | |
| fortinet | fortianalyzer_firmware | 5.4.2 | |
| fortinet | fortimanager_firmware | 5.4.0 | |
| fortinet | fortimanager_firmware | 5.4.1 | |
| fortinet | fortimanager_firmware | 5.4.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC123643-C9EE-40BF-B6F5-CE942F0A474E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBCBC4B-ECCB-467D-8CB1-D017C5DCB3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9CD11DF-36F4-4761-92AC-5F01F965B02A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C235585-4228-43B3-B2BB-06563B67F9E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B760F3B0-C81A-4B53-8D1E-384834D4A594",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43BF2F41-32BB-4C64-A9A2-62FB61B7D318",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Redireccionamiento Abierto en FortiAnalyzer versiones desde 5.4.0 hasta 5.4.2 y FortiManager versiones desde 5.4.0 hasta 5.4.2 de Fortinet, permite a un atacante ejecutar c\u00f3digo o comandos no autorizados por medio del par\u00e1metro next."
}
],
"id": "CVE-2017-3126",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-27T00:29:00.973",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98557"
},
{
"source": "psirt@fortinet.com",
"url": "http://www.securitytracker.com/id/1038539"
},
{
"source": "psirt@fortinet.com",
"url": "http://www.securitytracker.com/id/1038540"
},
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/98557"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-014"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-8495
Vulnerability from fkie_nvd - Published: 2017-02-13 15:59 - Updated: 2025-04-20 01:37
Severity: 7.4 HIGH (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N, NVD primary metric from the record below)
Summary
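An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature.
Note: the CPE list below does not match this range exactly: it includes 5.0.3 through 5.0.5 and has no entry for 5.2.5. The weakness is also recorded as CWE-200 rather than a certificate-validation CWE such as CWE-295. When matching assets or filtering by weakness, confirm against the vendor advisory FG-IR-16-055 rather than relying on the CPE list or the CWE alone.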
References
| Source | URL | Tags | |
|---|---|---|---|
| psirt@fortinet.com | http://www.securityfocus.com/bid/96157 | Third Party Advisory, VDB Entry | |
| psirt@fortinet.com | http://www.securitytracker.com/id/1037805 | ||
| psirt@fortinet.com | https://fortiguard.com/advisory/FG-IR-16-055 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96157 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037805 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://fortiguard.com/advisory/FG-IR-16-055 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortimanager_firmware | 5.0.3 | |
| fortinet | fortimanager_firmware | 5.0.4 | |
| fortinet | fortimanager_firmware | 5.0.5 | |
| fortinet | fortimanager_firmware | 5.0.6 | |
| fortinet | fortimanager_firmware | 5.0.7 | |
| fortinet | fortimanager_firmware | 5.0.8 | |
| fortinet | fortimanager_firmware | 5.0.9 | |
| fortinet | fortimanager_firmware | 5.0.10 | |
| fortinet | fortimanager_firmware | 5.0.11 | |
| fortinet | fortimanager_firmware | 5.2.0 | |
| fortinet | fortimanager_firmware | 5.2.1 | |
| fortinet | fortimanager_firmware | 5.2.2 | |
| fortinet | fortimanager_firmware | 5.2.3 | |
| fortinet | fortimanager_firmware | 5.2.4 | |
| fortinet | fortimanager_firmware | 5.2.6 | |
| fortinet | fortimanager_firmware | 5.2.7 | |
| fortinet | fortimanager_firmware | 5.4.0 | |
| fortinet | fortimanager_firmware | 5.4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D9B23B1-A527-49B6-A6CB-CFFCF278B70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F5BBE82-1D71-40EE-B506-1DD1066F537C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A2A3F2-A908-4192-8032-F8FA3310B50A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B621447-97C3-42B4-92FF-3D5BEDE26A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9B31D5-E000-4378-A030-D3B47C6D1740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8CF01200-2392-43E7-9682-80CF1A235409",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C235585-4228-43B3-B2BB-06563B67F9E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B760F3B0-C81A-4B53-8D1E-384834D4A594",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature."
},
{
"lang": "es",
"value": "Una vulnerabilidad de validaci\u00f3n de certificado incorrecto en Fortinet FortiManager 5.0.6 hasta la versi\u00f3n 5.2.7 y 5.4.0 hasta la versi\u00f3n 5.4.1 permite a atacantes remotos suplantar una entidad de confianza utilizando un ataque man-in-the-middle (MITM) a trav\u00e9s de la funcionalidad de sondeo de dispositivos Fortisandbox."
}
],
"id": "CVE-2016-8495",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-13T15:59:00.167",
"references": [
{
"source": "psirt@fortinet.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96157"
},
{
"source": "psirt@fortinet.com",
"url": "http://www.securitytracker.com/id/1037805"
},
{
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/advisory/FG-IR-16-055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1037805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://fortiguard.com/advisory/FG-IR-16-055"
}
],
"sourceIdentifier": "psirt@fortinet.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-7363
Vulnerability from fkie_nvd - Published: 2016-10-07 14:59 - Updated: 2025-04-12 10:46
Severity: 5.4 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, NVD primary metric from the record below)
Summary
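Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
Note: the FortiManager CPE list below stops at 5.2.1, so 5.2.2, which falls within "5.2.x before 5.2.3", is not matched by CPE; the FortiAnalyzer list does include 5.2.2. CPE-based matching alone would miss FortiManager 5.2.2.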
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "833C89CE-43F0-4F6E-8A4F-504EA5F16319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C96F78B0-2F6E-4A28-B0B8-CCE3638DCCDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68D3536B-652C-4642-9FF9-5A7CFDBB7DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D9B23B1-A527-49B6-A6CB-CFFCF278B70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fortimanager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A46415B-E9D2-463D-AE16-D51DEEC23690",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B83E355-BA1A-47B3-AE43-04668C87FD8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EBA54E4-E824-4F68-94BF-D70F5A51B40F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "378DE593-6514-4111-95DF-C881E163E6D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BEAD4CF6-6654-4BCC-8EC4-5B11AF81C123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3F75D9-5719-4392-8FDE-DA1CFEE5BEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "06360B2F-EE21-4E99-9931-E4C62B1D2C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FEC6473-536E-4ADB-9BD1-8A75846A039E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "799DA4F4-F5DD-4D56-ACC0-C28891C27A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD6F2AF-F98F-4113-94D8-1F3D26702D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "647BBA50-058A-4D8D-884A-83A818B90622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C4BA0949-E1B2-41F4-801C-1FF5FDD5FD8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "042001D0-4E10-488F-AB01-AFEB23D78C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "728F1AAE-6156-443B-A5DA-990538432389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B27A485B-71F5-485C-9F3C-691A4F1CA5A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E098F02-C9DA-4EC9-B13C-8DFD6735615F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF465F07-3786-4533-9B61-C8344DCB166F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fortianalyzer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "156CCFE2-8ED2-417E-8A32-C3AB1DD97C8B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la p\u00e1gina de configuraci\u00f3n avanzada en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.3, en los modelos de hardware con un disco duro y FortiAnalyzer 5.x en versiones anteriores a 5.0.13 y 5.2.x en versiones anteriores a 5.2.3 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores relacionados con filtros de informe."
}
],
"id": "CVE-2015-7363",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-10-07T14:59:02.677",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/93413"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1036981"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1036982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036982"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-3195
Vulnerability from fkie_nvd - Published: 2016-08-19 21:59 - Updated: 2025-04-12 10:46
Severity: 6.1 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, NVD primary metric from the record below)
Summary
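Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Note: the FortiAnalyzer CPE list below has no entry for 5.0.1, although the description covers 5.x before 5.0.13; CPE-based matching alone would miss that version.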
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "833C89CE-43F0-4F6E-8A4F-504EA5F16319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C96F78B0-2F6E-4A28-B0B8-CCE3638DCCDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68D3536B-652C-4642-9FF9-5A7CFDBB7DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D9B23B1-A527-49B6-A6CB-CFFCF278B70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F5BBE82-1D71-40EE-B506-1DD1066F537C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A2A3F2-A908-4192-8032-F8FA3310B50A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B621447-97C3-42B4-92FF-3D5BEDE26A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D281C46-3C6A-4ABA-B25C-1FA623F78566",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B83E355-BA1A-47B3-AE43-04668C87FD8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "378DE593-6514-4111-95DF-C881E163E6D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BEAD4CF6-6654-4BCC-8EC4-5B11AF81C123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3F75D9-5719-4392-8FDE-DA1CFEE5BEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "06360B2F-EE21-4E99-9931-E4C62B1D2C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FEC6473-536E-4ADB-9BD1-8A75846A039E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "799DA4F4-F5DD-4D56-ACC0-C28891C27A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD6F2AF-F98F-4113-94D8-1F3D26702D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "647BBA50-058A-4D8D-884A-83A818B90622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C4BA0949-E1B2-41F4-801C-1FF5FDD5FD8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "042001D0-4E10-488F-AB01-AFEB23D78C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "728F1AAE-6156-443B-A5DA-990538432389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B27A485B-71F5-485C-9F3C-691A4F1CA5A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E098F02-C9DA-4EC9-B13C-8DFD6735615F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF465F07-3786-4533-9B61-C8344DCB166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D43C2347-D6F3-40A6-8E00-DD31F11A84BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A48CA4D3-FBD6-4048-8FFB-C0A874402E1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9636D8-7C3B-4504-9D1C-01AC471EAFAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la Web-UI en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 y FortiAnalyzer 5.x en versiones anteriores a 5.0.13 y 5.2.x en versiones anteriores a 5.2.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-3195",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-19T21:59:07.430",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/92453"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1036550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-client-side-xss-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036550"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-3194
Vulnerability from fkie_nvd - Published: 2016-08-19 21:59 - Updated: 2025-04-12 10:46
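Severity: MEDIUM (CVSS v3.0 base score 6.1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)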
Summary
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "833C89CE-43F0-4F6E-8A4F-504EA5F16319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C96F78B0-2F6E-4A28-B0B8-CCE3638DCCDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68D3536B-652C-4642-9FF9-5A7CFDBB7DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D9B23B1-A527-49B6-A6CB-CFFCF278B70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F5BBE82-1D71-40EE-B506-1DD1066F537C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A2A3F2-A908-4192-8032-F8FA3310B50A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B621447-97C3-42B4-92FF-3D5BEDE26A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D281C46-3C6A-4ABA-B25C-1FA623F78566",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B83E355-BA1A-47B3-AE43-04668C87FD8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "378DE593-6514-4111-95DF-C881E163E6D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BEAD4CF6-6654-4BCC-8EC4-5B11AF81C123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3F75D9-5719-4392-8FDE-DA1CFEE5BEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "06360B2F-EE21-4E99-9931-E4C62B1D2C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FEC6473-536E-4ADB-9BD1-8A75846A039E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "799DA4F4-F5DD-4D56-ACC0-C28891C27A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD6F2AF-F98F-4113-94D8-1F3D26702D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "647BBA50-058A-4D8D-884A-83A818B90622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C4BA0949-E1B2-41F4-801C-1FF5FDD5FD8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "042001D0-4E10-488F-AB01-AFEB23D78C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "728F1AAE-6156-443B-A5DA-990538432389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B27A485B-71F5-485C-9F3C-691A4F1CA5A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E098F02-C9DA-4EC9-B13C-8DFD6735615F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF465F07-3786-4533-9B61-C8344DCB166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D43C2347-D6F3-40A6-8E00-DD31F11A84BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A48CA4D3-FBD6-4048-8FFB-C0A874402E1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9636D8-7C3B-4504-9D1C-01AC471EAFAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la p\u00e1gina de direcci\u00f3n de agregado en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12 y 5.2.x en versiones anteriores a 5.2.6 y FortiAnalyzer 5.x en versiones anteriores a 5.0.13 y 5.2.x en versiones anteriores a 5.2.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-3194",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-19T21:59:06.430",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/92456"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1036550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036550"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-3193
Vulnerability from fkie_nvd - Published: 2016-08-19 21:59 - Updated: 2025-04-12 10:46
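Severity: MEDIUM (CVSS v3.0 base score 5.4, CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N; CVSS v2 base score 3.5 LOW, AV:N/AC:M/Au:S/C:N/I:P/A:N)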
Summary
Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "833C89CE-43F0-4F6E-8A4F-504EA5F16319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C96F78B0-2F6E-4A28-B0B8-CCE3638DCCDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68D3536B-652C-4642-9FF9-5A7CFDBB7DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A5DF6CBD-E8D8-40B7-9512-CD739D6FA918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "34B83D3F-23C8-4781-887C-1876B103A4B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AB152570-F07F-4706-9717-D31F5F31CDE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C2A3410C-E673-49C1-AA2C-2BD77C68DCA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFEA22C-D661-4859-86CE-329D23E3EF87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D9B23B1-A527-49B6-A6CB-CFFCF278B70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72523D47-A6FA-48E8-B2D0-3563027CE35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FE6366D-0535-4681-90F7-3AB9386184A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F5BBE82-1D71-40EE-B506-1DD1066F537C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1A2A3F2-A908-4192-8032-F8FA3310B50A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B621447-97C3-42B4-92FF-3D5BEDE26A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D281C46-3C6A-4ABA-B25C-1FA623F78566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortimanager_firmware:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C235585-4228-43B3-B2BB-06563B67F9E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B83E355-BA1A-47B3-AE43-04668C87FD8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "378DE593-6514-4111-95DF-C881E163E6D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BEAD4CF6-6654-4BCC-8EC4-5B11AF81C123",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0C3F75D9-5719-4392-8FDE-DA1CFEE5BEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "06360B2F-EE21-4E99-9931-E4C62B1D2C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8FEC6473-536E-4ADB-9BD1-8A75846A039E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "799DA4F4-F5DD-4D56-ACC0-C28891C27A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD6F2AF-F98F-4113-94D8-1F3D26702D82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "647BBA50-058A-4D8D-884A-83A818B90622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C4BA0949-E1B2-41F4-801C-1FF5FDD5FD8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "042001D0-4E10-488F-AB01-AFEB23D78C01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "728F1AAE-6156-443B-A5DA-990538432389",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B27A485B-71F5-485C-9F3C-691A4F1CA5A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E098F02-C9DA-4EC9-B13C-8DFD6735615F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF465F07-3786-4533-9B61-C8344DCB166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D43C2347-D6F3-40A6-8E00-DD31F11A84BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A48CA4D3-FBD6-4048-8FFB-C0A874402E1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9636D8-7C3B-4504-9D1C-01AC471EAFAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:5.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC123643-C9EE-40BF-B6F5-CE942F0A474E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la aplicaci\u00f3n web del dispositivo en Fortinet FortiManager 5.x en versiones anteriores a 5.0.12, 5.2.x en versiones anteriores a 5.2.6 y 5.4.x en versiones anteriores a 5.4.1 y FortiAnalyzer 5.x en versiones anteriores a 5.0.13, 5.2.x en versiones anteriores a 5.2.6 y 5.4.x en versiones anteriores a 5.4.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-3193",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-19T21:59:05.463",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/92458"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1036550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/92458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036550"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-17541 (GCVE-0-2017-17541)
Vulnerability from cvelistv5 – Published: 2018-07-16 20:00 – Updated: 2024-10-25 14:08
Summary
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows injection of JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
Severity ?
No CVSS data available.
CWE
- Execute unauthorized code or commands
Assigner
References
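| URL | Tags |
|---|---|
| https://fortiguard.com/advisory/FG-IR-17-305 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041246 | vdb-entry, x_refsource_SECTRACK |
| http://www.securitytracker.com/id/1041247 | vdb-entry, x_refsource_SECTRACK |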
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Fortinet | Fortinet FortiManager, FortiAnalyzer | Affected: FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:32.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-17-305"
},
{
"name": "1041246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041246"
},
{
"name": "1041247",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041247"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-17541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:00:14.644167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:08:48.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiManager, FortiAnalyzer",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions"
}
]
}
],
"datePublic": "2018-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-17T09:57:01",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-17-305"
},
{
"name": "1041246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041246"
},
{
"name": "1041247",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041247"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-17541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiManager, FortiAnalyzer",
"version": {
"version_data": [
{
"version_value": "FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-17-305",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-17-305"
},
{
"name": "1041246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041246"
},
{
"name": "1041247",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-17541",
"datePublished": "2018-07-16T20:00:00",
"dateReserved": "2017-12-11T00:00:00",
"dateUpdated": "2024-10-25T14:08:48.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3617 (GCVE-0-2015-3617)
Vulnerability from cvelistv5 – Published: 2017-08-22 15:00 – Updated: 2024-08-06 05:47
Summary
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
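| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/74444 | vdb-entry, x_refsource_BID |
| https://fortiguard.com/psirt/FG-IR-15-011 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1032188 | vdb-entry, x_refsource_SECTRACK |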
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:58.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032188"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-25T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032188"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74444"
},
{
"name": "https://fortiguard.com/psirt/FG-IR-15-011",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032188"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3617",
"datePublished": "2017-08-22T15:00:00",
"dateReserved": "2015-04-30T00:00:00",
"dateUpdated": "2024-08-06T05:47:58.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3616 (GCVE-0-2015-3616)
Vulnerability from cvelistv5 – Published: 2017-08-11 21:00 – Updated: 2024-08-06 05:47
Summary
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
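| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/74444 | vdb-entry, x_refsource_BID |
| https://fortiguard.com/psirt/FG-IR-15-011 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1032188 | vdb-entry, x_refsource_SECTRACK |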
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032188"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-25T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032188"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74444"
},
{
"name": "https://fortiguard.com/psirt/FG-IR-15-011",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032188"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3616",
"datePublished": "2017-08-11T21:00:00",
"dateReserved": "2015-04-30T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3615 (GCVE-0-2015-3615)
Vulnerability from cvelistv5 – Published: 2017-08-11 21:00 – Updated: 2024-08-06 05:47
Summary
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
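| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/74444 | vdb-entry, x_refsource_BID |
| https://fortiguard.com/psirt/FG-IR-15-011 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1032188 | vdb-entry, x_refsource_SECTRACK |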
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032188"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-25T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032188"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74444"
},
{
"name": "https://fortiguard.com/psirt/FG-IR-15-011",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032188"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3615",
"datePublished": "2017-08-11T21:00:00",
"dateReserved": "2015-04-30T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3614 (GCVE-0-2015-3614)
Vulnerability from cvelistv5 – Published: 2017-08-11 21:00 – Updated: 2024-08-06 05:47
Summary
Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
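| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/74444 | vdb-entry, x_refsource_BID |
| https://fortiguard.com/psirt/FG-IR-15-011 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1032188 | vdb-entry, x_refsource_SECTRACK |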
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032188"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-25T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032188"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74444"
},
{
"name": "https://fortiguard.com/psirt/FG-IR-15-011",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032188"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3614",
"datePublished": "2017-08-11T21:00:00",
"dateReserved": "2015-04-30T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3126 (GCVE-0-2017-3126)
Vulnerability from cvelistv5 – Published: 2017-05-26 22:00 – Updated: 2024-10-25 14:14
Summary
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows an attacker to execute unauthorized code or commands via the next parameter.
Severity ?
No CVSS data available.
CWE
- Open redirect (free-text problem type supplied by the CNA; the record carries no CWE ID)
Assigner
References
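| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1038540 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/98557 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id/1038539 | vdb-entry, x_refsource_SECTRACK |
| https://fortiguard.com/psirt/FG-IR-17-014 | x_refsource_CONFIRM |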
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Fortinet, Inc. | Fortinet FortiAnalyzer, FortiManager | Affected: FortiAnalyzer 5.4.2, 5.4.1, 5.4.0; Affected: FortiManager 5.4.2, 5.4.1, 5.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038540",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038540"
},
{
"name": "98557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98557"
},
{
"name": "1038539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038539"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-014"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:00:52.755671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:14:04.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiAnalyzer, FortiManager",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiAnalyzer 5.4.2, 5.4.1, 5.4.0"
},
{
"status": "affected",
"version": "FortiManager 5.4.2, 5.4.1, 5.4.0"
}
]
}
],
"datePublic": "2017-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "1038540",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038540"
},
{
"name": "98557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98557"
},
{
"name": "1038539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038539"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-014"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-3126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiAnalyzer, FortiManager",
"version": {
"version_data": [
{
"version_value": "FortiAnalyzer 5.4.2, 5.4.1, 5.4.0"
},
{
"version_value": "FortiManager 5.4.2, 5.4.1, 5.4.0"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038540",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038540"
},
{
"name": "98557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98557"
},
{
"name": "1038539",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038539"
},
{
"name": "https://fortiguard.com/psirt/FG-IR-17-014",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-014"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-3126",
"datePublished": "2017-05-26T22:00:00",
"dateReserved": "2016-12-02T00:00:00",
"dateUpdated": "2024-10-25T14:14:04.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8495 (GCVE-0-2016-8495)
Vulnerability from cvelistv5 – Published: 2017-02-13 15:00 – Updated: 2024-10-25 14:40
Summary
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows a remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the FortiSandbox devices probing feature.
Severity ?
No CVSS data available.
CWE
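- Credentials exposure (free-text problem type supplied by the CNA; the record carries no CWE ID, and the summary describes improper certificate validation)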
Assigner
References
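| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1037805 | vdb-entry, x_refsource_SECTRACK |
| https://fortiguard.com/advisory/FG-IR-16-055 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/96157 | vdb-entry, x_refsource_BID |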
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Fortinet | FortiManager | Affected: 5.0.6 to 5.2.7; Affected: 5.4.0 to 5.4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:39.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1037805",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037805"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-16-055"
},
{
"name": "96157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96157"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-8495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:04:11.896573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:40:29.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "5.0.6 to 5.2.7"
},
{
"status": "affected",
"version": "5.4.0 to 5.4.1"
}
]
}
],
"datePublic": "2017-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Credentials exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-24T12:57:01",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "1037805",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037805"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-16-055"
},
{
"name": "96157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96157"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2016-8495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FortiManager",
"version": {
"version_data": [
{
"version_value": "5.0.6 to 5.2.7"
},
{
"version_value": "5.4.0 to 5.4.1"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Credentials exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037805",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037805"
},
{
"name": "https://fortiguard.com/advisory/FG-IR-16-055",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-16-055"
},
{
"name": "96157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96157"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2016-8495",
"datePublished": "2017-02-13T15:00:00",
"dateReserved": "2016-10-07T00:00:00",
"dateUpdated": "2024-10-25T14:40:29.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7363 (GCVE-0-2015-7363)
Vulnerability from cvelistv5 – Published: 2016-10-07 14:00 – Updated: 2024-08-06 07:43
Summary
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
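| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036981 | vdb-entry, x_refsource_SECTRACK |
| http://www.securitytracker.com/id/1036982 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/93413 | vdb-entry, x_refsource_BID |
| http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters | x_refsource_CONFIRM |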
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036981",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036981"
},
{
"name": "1036982",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036982"
},
{
"name": "93413",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93413"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-29T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036981",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036981"
},
{
"name": "1036982",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036982"
},
{
"name": "93413",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93413"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036981",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036981"
},
{
"name": "1036982",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036982"
},
{
"name": "93413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93413"
},
{
"name": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7363",
"datePublished": "2016-10-07T14:00:00",
"dateReserved": "2015-09-25T00:00:00",
"dateUpdated": "2024-08-06T07:43:46.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3193 (GCVE-0-2016-3193)
Vulnerability from cvelistv5 – Published: 2016-08-19 21:00 – Updated: 2024-08-05 23:47
Summary
Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
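| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036550 | vdb-entry, x_refsource_SECTRACK |
| http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/92458 | vdb-entry, x_refsource_BID |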
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:59.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
},
{
"name": "92458",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92458"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
},
{
"name": "92458",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92458"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036550",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036550"
},
{
"name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
},
{
"name": "92458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92458"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3193",
"datePublished": "2016-08-19T21:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:47:59.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3194 (GCVE-0-2016-3194)
Vulnerability from cvelistv5 – Published: 2016-08-19 21:00 – Updated: 2024-08-05 23:47
Summary
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
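| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036550 | vdb-entry, x_refsource_SECTRACK |
| http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/92456 | vdb-entry, x_refsource_BID |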
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:59.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
},
{
"name": "92456",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92456"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
},
{
"name": "92456",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92456"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036550",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036550"
},
{
"name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-xss-vulnerability"
},
{
"name": "92456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92456"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3194",
"datePublished": "2016-08-19T21:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:47:59.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17541 (GCVE-0-2017-17541)
Vulnerability from nvd – Published: 2018-07-16 20:00 – Updated: 2024-10-25 14:08
Summary
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows an attacker to inject JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature.
Severity ?
No CVSS data available.
CWE
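- Execute unauthorized code or commands (free-text impact statement supplied by the CNA; the record carries no CWE ID, and the summary describes cross-site scripting)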
Assigner
References
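| URL | Tags |
|---|---|
| https://fortiguard.com/advisory/FG-IR-17-305 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041246 | vdb-entry, x_refsource_SECTRACK |
| http://www.securitytracker.com/id/1041247 | vdb-entry, x_refsource_SECTRACK |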
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Fortinet | Fortinet FortiManager, FortiAnalyzer | Affected: FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:32.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-17-305"
},
{
"name": "1041246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041246"
},
{
"name": "1041247",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041247"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-17541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:00:14.644167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:08:48.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiManager, FortiAnalyzer",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions"
}
]
}
],
"datePublic": "2018-07-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-17T09:57:01",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-17-305"
},
{
"name": "1041246",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041246"
},
{
"name": "1041247",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041247"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-17541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiManager, FortiAnalyzer",
"version": {
"version_data": [
{
"version_value": "FortiManager 6.0.0, 5.6.4 and below versions; FortiAnalyzer 6.0.0, 5.6.4 and below versions"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Execute unauthorized code or commands"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-17-305",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-17-305"
},
{
"name": "1041246",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041246"
},
{
"name": "1041247",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041247"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-17541",
"datePublished": "2018-07-16T20:00:00",
"dateReserved": "2017-12-11T00:00:00",
"dateUpdated": "2024-10-25T14:08:48.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3617 (GCVE-0-2015-3617)
Vulnerability from nvd – Published: 2017-08-22 15:00 – Updated: 2024-08-06 05:47
Summary
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.
Severity ?
No CVSS data available.
CWE
- n/a
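Assigner
mitre
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/74444 | vdb-entry, x_refsource_BID |
| https://fortiguard.com/psirt/FG-IR-15-011 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1032188 | vdb-entry, x_refsource_SECTRACK |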
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:58.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032188"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-25T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032188"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74444"
},
{
"name": "https://fortiguard.com/psirt/FG-IR-15-011",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032188"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3617",
"datePublished": "2017-08-22T15:00:00",
"dateReserved": "2015-04-30T00:00:00",
"dateUpdated": "2024-08-06T05:47:58.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3616 (GCVE-0-2015-3616)
Vulnerability from nvd – Published: 2017-08-11 21:00 – Updated: 2024-08-06 05:47
Summary
SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters.
Severity ?
No CVSS data available.
CWE
- n/a
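Assigner
mitre
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/74444 | vdb-entry, x_refsource_BID |
| https://fortiguard.com/psirt/FG-IR-15-011 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1032188 | vdb-entry, x_refsource_SECTRACK |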
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032188"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-25T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032188"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74444"
},
{
"name": "https://fortiguard.com/psirt/FG-IR-15-011",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032188"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3616",
"datePublished": "2017-08-11T21:00:00",
"dateReserved": "2015-04-30T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3615 (GCVE-0-2015-3615)
Vulnerability from nvd – Published: 2017-08-11 21:00 – Updated: 2024-08-06 05:47
Summary
Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack.
Severity ?
No CVSS data available.
CWE
- n/a
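Assigner
mitre
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/74444 | vdb-entry, x_refsource_BID |
| https://fortiguard.com/psirt/FG-IR-15-011 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1032188 | vdb-entry, x_refsource_SECTRACK |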
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032188"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-25T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032188"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74444"
},
{
"name": "https://fortiguard.com/psirt/FG-IR-15-011",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032188"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3615",
"datePublished": "2017-08-11T21:00:00",
"dateReserved": "2015-04-30T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3614 (GCVE-0-2015-3614)
Vulnerability from nvd – Published: 2017-08-11 21:00 – Updated: 2024-08-06 05:47
Summary
Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
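Assigner
mitre
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/74444 | vdb-entry, x_refsource_BID |
| https://fortiguard.com/psirt/FG-IR-15-011 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1032188 | vdb-entry, x_refsource_SECTRACK |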
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "74444",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032188"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-25T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "74444",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74444"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032188"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74444"
},
{
"name": "https://fortiguard.com/psirt/FG-IR-15-011",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-15-011"
},
{
"name": "1032188",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032188"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3614",
"datePublished": "2017-08-11T21:00:00",
"dateReserved": "2015-04-30T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3126 (GCVE-0-2017-3126)
Vulnerability from nvd – Published: 2017-05-26 22:00 – Updated: 2024-10-25 14:14
Summary
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter.
Severity ?
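No CVSS data available. The CISA ADP container in the record below carries an SSVC 2.0.3 assessment instead: Exploitation none, Automatable no, Technical Impact partial.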
CWE
- Open redirect
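Assigner
fortinet
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1038540 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/98557 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id/1038539 | vdb-entry, x_refsource_SECTRACK |
| https://fortiguard.com/psirt/FG-IR-17-014 | x_refsource_CONFIRM |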
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Fortinet, Inc. | Fortinet FortiAnalyzer, FortiManager | Affected: FortiAnalyzer 5.4.2, 5.4.1, 5.4.0; Affected: FortiManager 5.4.2, 5.4.1, 5.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:16:28.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038540",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038540"
},
{
"name": "98557",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98557"
},
{
"name": "1038539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038539"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-014"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-3126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T14:00:52.755671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:14:04.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Fortinet FortiAnalyzer, FortiManager",
"vendor": "Fortinet, Inc.",
"versions": [
{
"status": "affected",
"version": "FortiAnalyzer 5.4.2, 5.4.1, 5.4.0"
},
{
"status": "affected",
"version": "FortiManager 5.4.2, 5.4.1, 5.4.0"
}
]
}
],
"datePublic": "2017-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Open redirect",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "1038540",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038540"
},
{
"name": "98557",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98557"
},
{
"name": "1038539",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038539"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/psirt/FG-IR-17-014"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-3126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiAnalyzer, FortiManager",
"version": {
"version_data": [
{
"version_value": "FortiAnalyzer 5.4.2, 5.4.1, 5.4.0"
},
{
"version_value": "FortiManager 5.4.2, 5.4.1, 5.4.0"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Open redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038540",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038540"
},
{
"name": "98557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98557"
},
{
"name": "1038539",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038539"
},
{
"name": "https://fortiguard.com/psirt/FG-IR-17-014",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-014"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2017-3126",
"datePublished": "2017-05-26T22:00:00",
"dateReserved": "2016-12-02T00:00:00",
"dateUpdated": "2024-10-25T14:14:04.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8495 (GCVE-0-2016-8495)
Vulnerability from nvd – Published: 2017-02-13 15:00 – Updated: 2024-10-25 14:40
Summary
An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature.
Severity ?
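No CVSS data available. The CISA ADP container in the record below carries an SSVC 2.0.3 assessment instead: Exploitation none, Automatable no, Technical Impact total.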
CWE
- Credentials exposure
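Assigner
fortinet
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1037805 | vdb-entry, x_refsource_SECTRACK |
| https://fortiguard.com/advisory/FG-IR-16-055 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/96157 | vdb-entry, x_refsource_BID |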
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Fortinet | FortiManager | Affected: 5.0.6 to 5.2.7; Affected: 5.4.0 to 5.4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:27:39.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1037805",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037805"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://fortiguard.com/advisory/FG-IR-16-055"
},
{
"name": "96157",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96157"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2016-8495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T20:04:11.896573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T14:40:29.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "5.0.6 to 5.2.7"
},
{
"status": "affected",
"version": "5.4.0 to 5.4.1"
}
]
}
],
"datePublic": "2017-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Credentials exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-24T12:57:01",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "1037805",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037805"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://fortiguard.com/advisory/FG-IR-16-055"
},
{
"name": "96157",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96157"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2016-8495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FortiManager",
"version": {
"version_data": [
{
"version_value": "5.0.6 to 5.2.7"
},
{
"version_value": "5.4.0 to 5.4.1"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Credentials exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037805",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037805"
},
{
"name": "https://fortiguard.com/advisory/FG-IR-16-055",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-16-055"
},
{
"name": "96157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96157"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2016-8495",
"datePublished": "2017-02-13T15:00:00",
"dateReserved": "2016-10-07T00:00:00",
"dateUpdated": "2024-10-25T14:40:29.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7363 (GCVE-0-2015-7363)
Vulnerability from nvd – Published: 2016-10-07 14:00 – Updated: 2024-08-06 07:43
Summary
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
Severity ?
No CVSS data available.
CWE
- n/a
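Assigner
mitre
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036981 | vdb-entry, x_refsource_SECTRACK |
| http://www.securitytracker.com/id/1036982 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/93413 | vdb-entry, x_refsource_BID |
| http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters | x_refsource_CONFIRM |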
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:43:46.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036981",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036981"
},
{
"name": "1036982",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036982"
},
{
"name": "93413",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93413"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-29T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036981",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036981"
},
{
"name": "1036982",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036982"
},
{
"name": "93413",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93413"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-7363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036981",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036981"
},
{
"name": "1036982",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036982"
},
{
"name": "93413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93413"
},
{
"name": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortianalyzer-and-fortimanager-stored-xss-vulnerability-in-report-filters"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-7363",
"datePublished": "2016-10-07T14:00:00",
"dateReserved": "2015-09-25T00:00:00",
"dateUpdated": "2024-08-06T07:43:46.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3193 (GCVE-0-2016-3193)
Vulnerability from nvd – Published: 2016-08-19 21:00 – Updated: 2024-08-05 23:47
Summary
Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
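Assigner
mitre
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1036550 | vdb-entry, x_refsource_SECTRACK |
| http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/92458 | vdb-entry, x_refsource_BID |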
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:47:59.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
},
{
"name": "92458",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92458"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-15T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1036550",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036550"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
},
{
"name": "92458",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92458"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036550",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036550"
},
{
"name": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/fortimanager-and-fortianalyzer-persistent-xss-vulnerability-1"
},
{
"name": "92458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/92458"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3193",
"datePublished": "2016-08-19T21:00:00",
"dateReserved": "2016-03-15T00:00:00",
"dateUpdated": "2024-08-05T23:47:59.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}