CVE-2021-22124
https://notcve.org/view.php?id=CVE-2021-22124
04 Aug 2021 — An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator before 6.0.6 may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically-crafted long request parameters. • https://fortiguard.com/advisory/FG-IR-20-170 • CWE-400: Uncontrolled Resource Consumption
CVE-2021-24005
https://notcve.org/view.php?id=CVE-2021-24005
06 Jul 2021 — Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key. • https://fortiguard.com/psirt/FG-IR-20-049 • CWE-798: Use of Hard-coded Credentials
CVE-2019-16154
https://notcve.org/view.php?id=CVE-2019-16154
07 Jan 2020 — An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page. • https://fortiguard.com/advisory/FG-IR-19-104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-9186
https://notcve.org/view.php?id=CVE-2018-9186
31 May 2018 — A cross-site scripting (XSS) vulnerability in the "CSRF validation failure" page of Fortinet FortiAuthenticator versions 4.0.0 to before 5.3.0 allows an attacker to execute unauthorized script code by injecting malicious scripts in the HTTP Referer header. • http://www.securityfocus.com/bid/104371 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1459
https://notcve.org/view.php?id=CVE-2015-1459
03 Feb 2015 — Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. • http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1456
https://notcve.org/view.php?id=CVE-2015-1456
03 Feb 2015 — Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. • http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-1458
https://notcve.org/view.php?id=CVE-2015-1458
03 Feb 2015 — Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. • http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-1457
https://notcve.org/view.php?id=CVE-2015-1457
03 Feb 2015 — Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. • http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-1455
https://notcve.org/view.php?id=CVE-2015-1455
03 Feb 2015 — Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors. • http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html • CWE-255: Credentials Management Errors
CVE-2013-6990
https://notcve.org/view.php?id=CVE-2013-6990
30 Apr 2014 — FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface. • http://www.fortiguard.com/advisory/FG-IR-13-016 • CWE-264: Permissions, Privileges, and Access Controls