Fortiauthenticator
Sign in to watchby Fortinet
CVEs (6)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-1459 | 0.00 | — | 0.00 | Feb 3, 2015 | Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. | ||
| CVE-2015-1458 | 0.00 | — | 0.00 | Feb 3, 2015 | Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. | ||
| CVE-2015-1457 | 0.00 | — | 0.00 | Feb 3, 2015 | Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. | ||
| CVE-2015-1456 | 0.00 | — | 0.00 | Feb 3, 2015 | Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. | ||
| CVE-2015-1455 | 0.00 | — | 0.01 | Feb 3, 2015 | Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||
| CVE-2013-6990 | 0.00 | — | 0.00 | Apr 30, 2014 | FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface. |