Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
fortinetFortiGuard LabsFG-IR-21-255
HistoryMar 01, 2022 - 12:00 a.m.

FortiAnalyzer, FortiManager - bypass of client-side password change policy enforcement

2022-03-0100:00:00
FortiGuard Labs
www.fortiguard.com
13
fortianalyzer
fortimanager
insufficient permissions vulnerability
cwe-280
password change policy

EPSS

0.001

Percentile

42.8%

JSON

An improper handling of insufficient permissions or privileges vulnerability [CWE-280] in FortiAnalyzer and FortiManager may allow an authenticated attacker to bypass the device policy and force the password-change action for its user.

Related

cvelist 1
cnvd 1
prion 1
cve 1
nvd 1
cvelist
cvelist
CVE-2022-22300
2022-03-01 18:25:16
cnvd
cnvd
Fortinet FortiAnalyzer Privilege Licensing and Access Control Issues Vulnerability
2022-03-03 00:00:00
prion
prion
Input validation
2022-03-01 19:15:00
cve
cve
CVE-2022-22300
2022-03-01 19:15:08
nvd
nvd
CVE-2022-22300
2022-03-01 19:15:08

EPSS

0.001

Percentile

42.8%

JSON
Related for FG-IR-21-255
cvelist1cnvd1prion1cve1nvd1