Fortinet Fortianalyzer Big Data

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Fortinet Fortianalyzer Big Data.

By the Year

In 2025 there have been 3 vulnerabilities in Fortinet Fortianalyzer Big Data with an average score of 6.7 out of ten. Last year, in 2024 Fortianalyzer Big Data had 9 security vulnerabilities published. Right now, Fortianalyzer Big Data is on track to have less security vulnerabilities in 2025 than it did last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.84.

Year	Vulnerabilities	Average Score
2025	3	6.70
2024	9	5.86

It may take a day or so for new Fortianalyzer Big Data vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Fortinet Fortianalyzer Big Data Security Vulnerabilities

FortiAnalyzer/FortiManager CLI SQLi v7.4.0-7.4.2
CVE-2024-33501 6.7 - Medium - March 11, 2025

Two improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5, FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via specifically crafted CLI requests.

SQL Injection

FortiManager/Analyzer OS Command Injection 5.0–7.4 CVE-2024-32123
CVE-2024-32123 - March 11, 2025

Multiple improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 and 5.6.0 through 5.6.11 and 5.4.0 through 5.4.7 and 5.2.0 through 5.2.10 and 5.0.0 through 5.0.12 and 4.3.4 through 4.3.8 allows attacker to execute unauthorized code or commands via crafted CLI requests.

Shell injection

FortiAnalyzer/Manager OS Cmd Inject (CWE-78) v<7.4.3,7.2.5,7.0.13,6.4.15,6.2.13
CVE-2024-40584 - February 11, 2025

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiAnalyzer BigData version 7.4.0, 7.2.0 through 7.2.7, 7.0.1 through 7.0.6, 6.4.5 through 6.4.7 and 6.2.5, Fortinet FortiAnalyzer Cloud version 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.13 and 6.4.1 through 6.4.7 and Fortinet FortiManager Cloud version 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.13 and 6.4.1 through 6.4.7 GUI allows an authenticated privileged attacker to execute unauthorized code or commands via crafted HTTPS or HTTP requests.

Shell injection

Fortinet FortiAnalyzer/FortiManager Path Traversal Vulnerability
CVE-2024-35274 2.3 - Low - November 12, 2024

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests.

Directory traversal

Fortinet FortiManager/FortiAnalyzer OS Command Injection Vulnerability
CVE-2024-32118 6.7 - Medium - November 12, 2024

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests.

Shell injection

Fortinet FortiManager/FortiAnalyzer Path Traversal Vulnerability
CVE-2024-32117 4.9 - Medium - November 12, 2024

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests.

Directory traversal

Fortinet FortiManager/FortiAnalyzer/FortiAnalyzer-BigData: Multiple Relative Path Traversal Vulnerab
CVE-2024-32116 6 - Medium - November 12, 2024

Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests.

Directory traversal

Fortinet FortiManager/FortiAnalyzer Stack-Based Buffer Overflow Vulnerability
CVE-2024-31496 6.7 - Medium - November 12, 2024

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests.

Memory Corruption

Fortinet FortiAnalyzer-BigData: Client-Side Enforcement of Server-Side Security Vulnerability
CVE-2024-23666 8.8 - High - November 12, 2024

A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests.

Client-Side Enforcement of Server-Side Security

FortiManager/Analyzer Sensitive Info Disclosure CWE-200 before 7.4.2/7.2.5
CVE-2023-44255 4.1 - Medium - November 12, 2024

An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests.

Privacy violation

FortiAnalyzer/FortiManager Auth Bypass via User-Controlled Key (pre-7.4.1, pre-7.2.5)
CVE-2023-44254 6.5 - Medium - September 10, 2024

An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request.

Insecure Direct Object Reference / IDOR

Ext Format Str (CWE-134) in Fortinet FortiManager/FortiAnalyzer 7.4.x, 7.2.x, <7.0.10
CVE-2023-41842 6.7 - Medium - March 12, 2024

A use of externally-controlled format string vulnerability [CWE-134] in Fortinet FortiManager version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.3 and before 7.0.10, Fortinet FortiAnalyzer-BigData before 7.2.5 and Fortinet FortiPortal version 6.0 all versions and version 5.3 all versions allows a privileged attacker to execute unauthorized code or commands via specially crafted command arguments.

Use of Externally-Controlled Format String

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Fortinet Fortianalyzer Big Data or by Fortinet? Click the Watch button to subscribe.

Fortinet
Vendor

Fortinet Fortianalyzer Big Data
Product

Fortinet Fortianalyzer Big Data

Don't miss out!

By the Year

Recent Fortinet Fortianalyzer Big Data Security Vulnerabilities

FortiAnalyzer/FortiManager CLI SQLi v7.4.0-7.4.2 CVE-2024-33501 6.7 - Medium - March 11, 2025

FortiManager/Analyzer OS Command Injection 5.0–7.4 CVE-2024-32123 CVE-2024-32123 - March 11, 2025

FortiAnalyzer/Manager OS Cmd Inject (CWE-78) v<7.4.3,7.2.5,7.0.13,6.4.15,6.2.13 CVE-2024-40584 - February 11, 2025

Fortinet FortiAnalyzer/FortiManager Path Traversal Vulnerability CVE-2024-35274 2.3 - Low - November 12, 2024

Fortinet FortiManager/FortiAnalyzer OS Command Injection Vulnerability CVE-2024-32118 6.7 - Medium - November 12, 2024

Fortinet FortiManager/FortiAnalyzer Path Traversal Vulnerability CVE-2024-32117 4.9 - Medium - November 12, 2024

Fortinet FortiManager/FortiAnalyzer/FortiAnalyzer-BigData: Multiple Relative Path Traversal Vulnerab CVE-2024-32116 6 - Medium - November 12, 2024

Fortinet FortiManager/FortiAnalyzer Stack-Based Buffer Overflow Vulnerability CVE-2024-31496 6.7 - Medium - November 12, 2024

Fortinet FortiAnalyzer-BigData: Client-Side Enforcement of Server-Side Security Vulnerability CVE-2024-23666 8.8 - High - November 12, 2024

FortiManager/Analyzer Sensitive Info Disclosure CWE-200 before 7.4.2/7.2.5 CVE-2023-44255 4.1 - Medium - November 12, 2024

FortiAnalyzer/FortiManager Auth Bypass via User-Controlled Key (pre-7.4.1, pre-7.2.5) CVE-2023-44254 6.5 - Medium - September 10, 2024

Ext Format Str (CWE-134) in Fortinet FortiManager/FortiAnalyzer 7.4.x, 7.2.x, <7.0.10 CVE-2023-41842 6.7 - Medium - March 12, 2024

Stay on top of Security Vulnerabilities

Fortinet Vendor

Fortinet Fortianalyzer Big DataProduct

FortiAnalyzer/FortiManager CLI SQLi v7.4.0-7.4.2
CVE-2024-33501 6.7 - Medium - March 11, 2025

FortiManager/Analyzer OS Command Injection 5.0–7.4 CVE-2024-32123
CVE-2024-32123 - March 11, 2025

FortiAnalyzer/Manager OS Cmd Inject (CWE-78) v<7.4.3,7.2.5,7.0.13,6.4.15,6.2.13
CVE-2024-40584 - February 11, 2025

Fortinet FortiAnalyzer/FortiManager Path Traversal Vulnerability
CVE-2024-35274 2.3 - Low - November 12, 2024

Fortinet FortiManager/FortiAnalyzer OS Command Injection Vulnerability
CVE-2024-32118 6.7 - Medium - November 12, 2024

Fortinet FortiManager/FortiAnalyzer Path Traversal Vulnerability
CVE-2024-32117 4.9 - Medium - November 12, 2024

Fortinet FortiManager/FortiAnalyzer/FortiAnalyzer-BigData: Multiple Relative Path Traversal Vulnerab
CVE-2024-32116 6 - Medium - November 12, 2024

Fortinet FortiManager/FortiAnalyzer Stack-Based Buffer Overflow Vulnerability
CVE-2024-31496 6.7 - Medium - November 12, 2024

Fortinet FortiAnalyzer-BigData: Client-Side Enforcement of Server-Side Security Vulnerability
CVE-2024-23666 8.8 - High - November 12, 2024

FortiManager/Analyzer Sensitive Info Disclosure CWE-200 before 7.4.2/7.2.5
CVE-2023-44255 4.1 - Medium - November 12, 2024

FortiAnalyzer/FortiManager Auth Bypass via User-Controlled Key (pre-7.4.1, pre-7.2.5)
CVE-2023-44254 6.5 - Medium - September 10, 2024

Ext Format Str (CWE-134) in Fortinet FortiManager/FortiAnalyzer 7.4.x, 7.2.x, <7.0.10
CVE-2023-41842 6.7 - Medium - March 12, 2024

Fortinet
Vendor

Fortinet Fortianalyzer Big Data
Product