Fortinet: >> Fortianalyzer Big Data >> 7.2.5 Security Vulnerabilities
An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.
CVSS Score
4.1
EPSS Score
0.001
Published
2024-11-12
An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request.
CVSS Score
5.0
EPSS Score
0.003
Published
2024-09-10
A use of externally-controlled format string vulnerability [CWE-134] vulnerability in Fortinet allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.
CVSS Score
6.7
EPSS Score
0.001
Published
2024-03-12
Page 2