CVSS: 4.7EPSS: 0%CPEs: 99EXPL: 0CVE-2022-23439
https://notcve.org/view.php?id=CVE-2022-23439
22 Jan 2025 — A externally controlled reference to a resource in another sphere in Fortinet FortiManager before version 7.4.3, FortiMail before version 7.0.3, FortiAnalyzer before version 7.4.3, FortiVoice version 7.0.0, 7.0.1 and before 6.4.8, FortiProxy before version 7.0.4, FortiRecorder version 6.4.0 through 6.4.2 and before 6.0.10, FortiAuthenticator version 6.4.0 through 6.4.1 and before 6.3.3, FortiNDR version 7.2.0 before 7.1.0, FortiWLC before version 8.6.4, FortiPortal before version 6.0.9, FortiOS version 7.2.... • https://fortiguard.com/psirt/FG-IR-21-254 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2022-22302
https://notcve.org/view.php?id=CVE-2022-22302
11 Jul 2023 — A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem. • https://fortiguard.com/psirt/FG-IR-20-014 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-35850
https://notcve.org/view.php?id=CVE-2022-35850
11 Apr 2023 — An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via the "reset-password" page. • https://fortiguard.com/psirt/FG-IR-22-275 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26208
https://notcve.org/view.php?id=CVE-2023-26208
09 Mar 2023 — A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to th... • https://fortiguard.com/psirt/FG-IR-20-078 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-26116
https://notcve.org/view.php?id=CVE-2021-26116
06 Apr 2022 — An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. Una neutralización inapropiada de los elementos especiales usados en una vulnerabilidad de comandos del Sistema Operativo en el intérprete de línea de comandos de FortiAuthenticator versiones anteriores a 6.3.1, puede permitir a un atac... • https://fortiguard.com/advisory/FG-IR-21-068 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36177
https://notcve.org/view.php?id=CVE-2021-36177
02 Feb 2022 — An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database. Una vulnerabilidad de control de acceso inapropiado [CWE-284] en el servicio FortiAuthenticator HA versiones 6.3.2 y anteriores, 6.2.x, 6.1.x, 6.0.x puede permitir a un atacante en la misma vlan que la interfaz de administración de HA realizar una conex... • https://fortiguard.com/psirt/FG-IR-20-217 •
CVSS: 8.3EPSS: 0%CPEs: 10EXPL: 0CVE-2021-43067
https://notcve.org/view.php?id=CVE-2021-43067
08 Dec 2021 — A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests. Una exposición de información confidencial a un actor no autorizado en Fortinet FortiAuthenticator versión 6.4.0, versión 6.3.2 y anteriores, versión 6.2.1 y anteriores, versión 6.1.2 y anteriores, ver... • https://fortiguard.com/advisory/FG-IR-21-211 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24005
https://notcve.org/view.php?id=CVE-2021-24005
06 Jul 2021 — Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key. El uso de claves criptográficas embebidas para cifrar los archivos de configuración y los registros de depuración en FortiAuthenticator versiones anteriores a 6.3.0, puede permitir a un atacante con acceso a los archivos o a la configuración d... • https://fortiguard.com/psirt/FG-IR-20-049 • CWE-798: Use of Hard-coded Credentials •