CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-12817

HIGH
8.8
CVSS Severity Score
EPSS Score0.0090%
EPSS Percentile11.42th
Published2020年9月24日
Last Modified2024年11月21日

Vulnerability Description

An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.

Affected Platforms (CPE)

📦
Fortinet

Fortianalyzer

= 6.2.5
📦
Fortinet

Fortianalyzer

= 6.4.0
📦
Fortinet

Fortianalyzer

= 6.4.1
📦
Fortinet

Fortitester

<= 3.7.0
📦
Fortinet

Fortitester

= 3.8.0

References & Advisories

🔗 https://fortiguard.com/advisory/FG-IR-20-054
🔗 https://fortiguard.com/advisory/FG-IR-20-054

関連する脆弱性情報

CVE-2016-19099.8

Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and Fo...

CVE-2026-248589.8

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] vulnerability in Fortinet FortiAnalyzer 7.6.0 ...

CVE-2021-325898.1

A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version ...

CVE-2021-261047.8

Multiple OS command injection (CWE-78) vulnerabilities in the command line interface of FortiManager 6.2.7 and below, 6.4.5 and be...