) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:fortinet:fortiauthenticator:3.0.0:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2015-1459 |
Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. Published: February 03, 2015; 11:59:31 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2015-1458 |
Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. Published: February 03, 2015; 11:59:30 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.9 MEDIUM |
| CVE-2015-1457 |
Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. Published: February 03, 2015; 11:59:29 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.9 MEDIUM |
| CVE-2015-1456 |
Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. Published: February 03, 2015; 11:59:28 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |
| CVE-2015-1455 |
Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors. Published: February 03, 2015; 11:59:27 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |