Fortinet Fortianalyzer Cloud

By the Year

In 2025 there have been 9 vulnerabilities in Fortinet Fortianalyzer Cloud, with an average score of 8.9 out of ten. In 2024, Fortianalyzer Cloud had 1 security vulnerability published, so 8 more vulnerabilities have already been reported in 2025 than in all of last year. The average CVE base score of the 2025 vulnerabilities is also higher, by 1.74.

Year | Vulnerabilities | Average Score
2025 | 9 | 8.94
2024 | 1 | 7.20

It may take a day or so for new Fortianalyzer Cloud vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Fortinet Fortianalyzer Cloud Security Vulnerabilities

FortiManager/Analyzer SQL Injection before 7.6.2 (CWE-89)
CVE-2025-24474 - July 08, 2025

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiManager Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiAnalyzer 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; and FortiAnalyzer Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker with high privilege to extract database information via crafted requests.

SQL Injection

FortiAnalyzer/Manager OS Cmd Inject (CWE-78) v<7.4.3,7.2.5,7.0.13,6.4.15,6.2.13
CVE-2024-40584 - February 11, 2025

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15 and 6.2.2 through 6.2.13, Fortinet FortiAnalyzer BigData version 7.4.0, 7.2.0 through 7.2.7, 7.0.1 through 7.0.6, 6.4.5 through 6.4.7 and 6.2.5, Fortinet FortiAnalyzer Cloud version 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.13 and 6.4.1 through 6.4.7 and Fortinet FortiManager Cloud version 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.13 and 6.4.1 through 6.4.7 GUI allows an authenticated privileged attacker to execute unauthorized code or commands via crafted HTTPS or HTTP requests.

Shell injection

Weak Auth in FortiManager/FortiAnalyzer 7.4.x-7.6.x Allows Unauth Code Exec
CVE-2024-50563 9.8 - Critical - January 16, 2025

A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows an attacker to execute unauthorized code or commands via a brute-force attack.

Weak Authentication (CWE-1390)

FortiAnalyzer/FortiManager Priv Escalation v7.4.0-7.2.5, 6.4.0-6.4.15
CVE-2024-45331 7.8 - High - January 16, 2025

An incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows an attacker to escalate privilege via specific shell commands.

Incorrect Privilege Assignment

SQL Injection in FortiAnalyzer 7.4.0-7.4.2 -> Priv Escalation
CVE-2024-35275 8.8 - High - January 14, 2025

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows an attacker to escalate privileges via specially crafted HTTP requests.

SQL Injection

FortiAnalyzer/FortiManager SBOV CVE-2024-35276 (v7.4-7.0, 6.4)
CVE-2024-35276 9.8 - Critical - January 14, 2025

A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows an attacker to execute unauthorized code or commands via specially crafted packets.

Memory Corruption

OOB Write in Fortinet FortiManager s/7.4.0-7.4.2 & FortiAnalyzer 7.4.0-7.4.2
CVE-2024-35273 8.8 - High - January 14, 2025

An out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows an attacker to escalate privileges via specially crafted HTTP requests.

Memory Corruption

Privilege Escalation in Fortinet FortiManager & FortiAnalyzer (v6.4.0-7.4.3)
CVE-2024-33503 7.8 - High - January 14, 2025

Improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows an attacker to escalate privileges via specific shell commands.

Incorrect Privilege Assignment

Fortinet FortiOS <=7.4.4 Weak Auth BruteForce Code Exec
CVE-2024-48886 9.8 - Critical - January 14, 2025

A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows an attacker to execute unauthorized code or commands via a brute-force attack.

Weak Authentication (CWE-1390)

FMT Vulnerability in FortiAnalyzer 7.4.0-7.4.3, 7.2.2-7.2.5 Allows Priv Escal
CVE-2024-45330 7.2 - High - October 08, 2024

A use of externally-controlled format string in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.2 through 7.2.5 allows an attacker to escalate privileges via specially crafted requests.

Use of Externally-Controlled Format String
