Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fortinet fortiauthenticator vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-9186
A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to prior to 5.3.0 "CSRF validation failure" page allows malicious user to execute unauthorized script code via inject malicious scripts in HTTP referer header.
Fortinet Fortiauthenticator
383
VMScore
CVE-2015-1459
Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote malicious users to inject arbitrary web script or HTML via the operation parameter to cert/scep/.
Fortinet Fortiauthenticator 3.0.0
356
VMScore
CVE-2015-1456
Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.
Fortinet Fortiauthenticator 3.0.0
294
VMScore
CVE-2021-36177
An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthenticated direct connection to the FAC's database.
Fortinet Fortiauthenticator
NA
CVE-2024-23664
A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an malicious user to to redirect users to an arbitrary website via a crafted URL.
NA
CVE-2023-46717
An improper authentication vulnerability [CWE-287] in FortiOS versions 7.4.1 and below, versions 7.2.6 and below, and versions 7.0.12 and below when configured with FortiAuthenticator in HA may allow a readonly user to gain read-write access via successive login attempts.
Fortinet Fortios
1 Article
NA
CVE-2022-22302
A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 up to and including 6.4.1, 6.2.0 up to and including 6.2.9 and 6.0.0 up to and including 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a l...
Fortinet Fortios 6.4.0
Fortinet Fortios
Fortinet Fortiauthenticator 6.1.0
Fortinet Fortios 6.4.1
Fortinet Fortiauthenticator 5.5.0
Fortinet Fortiauthenticator
NA
CVE-2022-35850
An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 up to and including 6.4.4, 6.3.0 up to and including 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated malicious user to trigger a ...
Fortinet Fortiauthenticator
NA
CVE-2023-26208
A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated malicious user to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.
Fortinet Fortiauthenticator
NA
CVE-2022-22304
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated malicious user to perform an XSS attack via crafted HTTP GET requests.
Fortinet Fortiauthenticator Agent For Microsoft Outlook Web Access 2.2
Fortinet Fortiauthenticator Agent For Microsoft Outlook Web Access 2.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2