cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-22304,https://securityvulnerability.io/vulnerability/CVE-2022-22304,Improper Input Neutralization in FortiAuthenticator OWA Agent for Microsoft,"The FortiAuthenticator OWA Agent for Microsoft versions 2.1 and 2.2 contains a vulnerability that allows an unauthenticated attacker to execute cross-site scripting (XSS) attacks. This is due to improper neutralization of user input during web page generation, enabling the attacker to send crafted HTTP GET requests that could compromise web application security.",Fortinet,Fortinet Fortiauthenticator Outlookagent,6.1,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2022-07-18T16:35:28.000Z,0
CVE-2021-26116,https://securityvulnerability.io/vulnerability/CVE-2021-26116,Command Injection Flaw in FortiAuthenticator Product by Fortinet,"A vulnerability exists in FortiAuthenticator's command line interpreter which permits an authenticated attacker to exploit it through specially crafted arguments. This improper neutralization of commands may lead to the execution of unauthorized commands, posing significant security risks. It is crucial for users of affected versions to implement the necessary updates to mitigate potential exploitation.",Fortinet,Fortinet Fortiauthenticator,6.7,MEDIUM,0.0016799999866634607,false,,false,false,false,,,false,false,,2022-04-06T16:00:51.000Z,0
CVE-2021-43068,https://securityvulnerability.io/vulnerability/CVE-2021-43068,Improper Authentication Vulnerability in Fortinet FortiAuthenticator,A security flaw in Fortinet FortiAuthenticator version 6.4.0 allows attackers to bypass the second factor of authentication through the RADIUS login portal. This vulnerability compromises the effectiveness of multi-factor authentication and could potentially lead to unauthorized access.,Fortinet,Fortinet Fortiauthenticator,5.4,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-12-09T09:38:37.000Z,0
CVE-2021-43067,https://securityvulnerability.io/vulnerability/CVE-2021-43067,Sensitive Information Exposure in Fortinet FortiAuthenticator,"The vulnerability in Fortinet FortiAuthenticator allows unauthorized actors to access sensitive information by exploiting a flaw that permits the duplication of a target LDAP user’s two-factor authentication token. This is achieved through the use of crafted HTTP requests, impacting multiple versions including 6.4.0 and earlier. Organizations using affected versions should take immediate measures to secure their systems.",Fortinet,Fortinet Fortiauthenticator,8.3,HIGH,0.00482999999076128,false,,false,false,false,,,false,false,,2021-12-08T11:22:39.000Z,0
CVE-2021-22124,https://securityvulnerability.io/vulnerability/CVE-2021-22124,Denial of Service Vulnerability in FortiSandbox and FortiAuthenticator,"An uncontrolled resource consumption vulnerability exists in the login modules of FortiSandbox and FortiAuthenticator. This vulnerability allows an unauthenticated attacker to exploit the system by sending specifically crafted long request parameters, potentially leading to a denial of service condition and causing the device to become unresponsive.",Fortinet,"Fortinet Fortisandbox, Fortiauthenticator",7.5,HIGH,0.0010999999940395355,false,,false,false,false,,,false,false,,2021-08-04T18:18:25.000Z,0