11 results (0.004 seconds)

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL. Una redirección de URL a un sitio que no es de confianza ("redirección abierta") en Fortinet FortiAuthenticator versión 6.6.0, versión 6.5.3 e inferiores, versión 6.4.9 e inferiores puede permitir a un atacante redirigir a los usuarios a un sitio web arbitrario a través de una URL manipulada. • https://fortiguard.fortinet.com/psirt/FG-IR-23-465 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0

A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem. • https://fortiguard.com/psirt/FG-IR-20-014 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via the "reset-password" page. • https://fortiguard.com/psirt/FG-IR-22-275 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. • https://fortiguard.com/psirt/FG-IR-20-078 • CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. Una neutralización inapropiada de los elementos especiales usados en una vulnerabilidad de comandos del Sistema Operativo en el intérprete de línea de comandos de FortiAuthenticator versiones anteriores a 6.3.1, puede permitir a un atacante autenticado ejecutar comandos no autorizados por medio de argumentos específicamente diseñados para comandos existentes • https://fortiguard.com/advisory/FG-IR-21-068 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •