The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of FortiManager Virtual Appliance

threat CVE-2019-5587 CVE-2019-6695

FortiOS/FortiManager VM: privilege escalation via Image File System Integrity

Synthesis of the vulnerability

An attacker can bypass restrictions via Image File System Integrity of FortiOS/FortiManager VM, in order to escalate his privileges.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 05/06/2019.
Identifiers: CERTFR-2019-AVI-358, CVE-2019-5587, CVE-2019-6695, FG-IR-19-017, VIGILANCE-VUL-29468.

Description of the vulnerability

An attacker can bypass restrictions via Image File System Integrity of FortiOS/FortiManager VM, in order to escalate his privileges.

security threat CVE-2018-1360

FortiManager: information disclosure via REST API JSON Responses

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via REST API JSON Responses of FortiManager, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 24/04/2019.
Identifiers: CERTFR-2019-AVI-185, CVE-2018-1360, FG-IR-18-051, VIGILANCE-VUL-29117.

Description of the vulnerability

An attacker can bypass access restrictions to data via REST API JSON Responses of FortiManager, in order to obtain sensitive information.

computer vulnerability announce CVE-2018-1353

FortiManager: information disclosure via Vdoms Settings

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Vdoms Settings of FortiManager, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 28/08/2018.
Identifiers: CERTFR-2018-AVI-411, CVE-2018-1353, FG-IR-18-016, VIGILANCE-VUL-27097.

Description of the vulnerability

An attacker can bypass access restrictions to data via Vdoms Settings of FortiManager, in order to obtain sensitive information.

cybersecurity vulnerability CVE-2017-17541

FortiAnalyzer, FortiManager: Cross Site Scripting via CA And CRL Certificate View Page

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via CA And CRL Certificate View Page of FortiAnalyzer/FortiManager, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 06/07/2018.
Identifiers: CERTFR-2018-AVI-326, CVE-2017-17541, FG-IR-17-305, VIGILANCE-VUL-26643.

Description of the vulnerability

The FortiAnalyzer/FortiManager product offers a web service.

However, it does not filter data received via the CA And CRL Certificate View Page before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via CA And CRL Certificate View Page of FortiAnalyzer/FortiManager, in order to run JavaScript code in the context of the web site.

security bulletin CVE-2018-1355

FortiAnalyzer, FortiManager: open redirect via PDF File

Synthesis of the vulnerability

An attacker can deceive the user via PDF File of FortiAnalyzer/FortiManager, in order to redirect him to a malicious site.
Severity: 1/4.
Creation date: 25/06/2018.
Identifiers: CERTFR-2018-AVI-303, CVE-2018-1355, FG-IR-18-022, VIGILANCE-VUL-26527.

Description of the vulnerability

An attacker can deceive the user via PDF File of FortiAnalyzer/FortiManager, in order to redirect him to a malicious site.

computer vulnerability alert CVE-2018-1354

FortiAnalyzer, FortiManager: Cross Site Scripting via Avatar Picture

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Avatar Picture of FortiAnalyzer/FortiManager, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 25/06/2018.
Identifiers: CERTFR-2018-AVI-303, CVE-2018-1354, FG-IR-18-014, VIGILANCE-VUL-26526.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting via Avatar Picture of FortiAnalyzer/FortiManager, in order to run JavaScript code in the context of the web site.

computer vulnerability announce CVE-2018-1351

FortiManager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of FortiManager, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 25/06/2018.
Identifiers: CERTFR-2018-AVI-303, CVE-2018-1351, FG-IR-18-006, VIGILANCE-VUL-26525.

Description of the vulnerability

The FortiManager product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of FortiManager, in order to run JavaScript code in the context of the web site.

cybersecurity threat CVE-2017-3126

FortiAnalyzer, FortiManager: open redirect

Synthesis of the vulnerability

An attacker can deceive the user of FortiAnalyzer / FortiManager, in order to redirect him to a malicious site.
Severity: 1/4.
Creation date: 19/05/2017.
Identifiers: CVE-2017-3126, FG-IR-17-014, VIGILANCE-VUL-22773.

Description of the vulnerability

The FortiAnalyzer / FortiManager product offers a web service.

However, the web service redirects the victim, with no warning, to an external site specified by the attacker.

An attacker can therefore deceive the user of FortiAnalyzer / FortiManager, in order to redirect him to a malicious site.

vulnerability announce CVE-2015-7363

FortiAnalyzer, FortiManager: Cross Site Scripting via Report Filters

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Report Filters of FortiAnalyzer or FortiManager, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 06/10/2016.
Identifiers: CVE-2015-7363, VIGILANCE-VUL-20790.

Description of the vulnerability

The FortiAnalyzer and FortiManager products offer a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Report Filters of FortiAnalyzer or FortiManager, in order to run JavaScript code in the context of the web site.

vulnerability CVE-2016-3193 CVE-2016-3194 CVE-2016-3195

Fortinet FortiManager / FortiAnalyzer: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Fortinet FortiManager / FortiAnalyzer.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 16/06/2016.
Revision date: 04/08/2016.
Identifiers: 1624459, 1624561, CVE-2016-3193, CVE-2016-3194, CVE-2016-3195, CVE-2016-3196, VIGILANCE-VUL-19914.

Description of the vulnerability

Several vulnerabilities were announced in Fortinet FortiManager / FortiAnalyzer.

An attacker can trigger a Cross Site Scripting via Add Tags, in order to run JavaScript code in the context of the web site. [severity:2/4; 1624459]

An attacker can trigger a Cross Site Scripting via Predefined Bookmarks, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Scripting via tabview.htm, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Scripting via filename, in order to run JavaScript code in the context of the web site. [severity:2/4; 1624561]