Vulnerabilities > Fortinet > Fortiauthenticator > 3.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-02-03 | CVE-2015-1459 | Cross-site Scripting vulnerability in Fortinet Fortiauthenticator 3.0.0 Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. | 4.3 |
| 2015-02-03 | CVE-2015-1458 | Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortiauthenticator 3.0.0 Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. | 6.9 |
| 2015-02-03 | CVE-2015-1457 | Information Exposure vulnerability in Fortinet Fortiauthenticator 3.0.0 Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. | 4.9 |
| 2015-02-03 | CVE-2015-1456 | Information Exposure vulnerability in Fortinet Fortiauthenticator 3.0.0 Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. | 4.0 |
| 2015-02-03 | CVE-2015-1455 | Credentials Management vulnerability in Fortinet Fortiauthenticator 3.0.0 Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors. | 7.5 |