Fortinet FortiAuthenticator 6.4.0
Approved changes feed: RSS · Atom
cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*
part: a version: 6.4.0 update: *
| Vendor | Fortinet (2b06c5e0-0a17-54f4-810a-5ef236d51947) |
|---|---|
| Product | Fortiauthenticator (c9e59448-899d-59b8-be98-875d13278b33) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-44277 |
vulnerable | 2026-06-03 15:25:02.964958 |
Details available
CRITICAL (9.1)
A improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests.
Published: 2026-05-12T16:54:05.024Z
Updated: 2026-05-28T09:30:16.137Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-21743 |
vulnerable | 2026-06-03 15:15:51.608082 |
Details available
MEDIUM (6.8)
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotected endpoint.
Published: 2026-02-10T15:39:11.799Z
Updated: 2026-02-12T00:27:03.410Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-59923 |
vulnerable | 2026-06-03 15:06:26.338145 |
Details available
LOW (2.6)
An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the credentials of other administrators' messaging services via crafted requests.
Published: 2025-12-09T17:18:45.658Z
Updated: 2026-01-14T09:18:46.546Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57823 |
vulnerable | 2026-06-03 15:05:00.115033 |
Details available
LOW (2.6)
A direct request ('forced browsing') vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and download device logs via accessing specific endpoints
Published: 2025-12-09T17:18:45.986Z
Updated: 2026-01-14T09:18:54.052Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23664 |
vulnerable | 2026-06-03 14:55:04.260028 |
Details available
MEDIUM (5.8)
A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL.
Published: 2024-06-03T09:50:26.151Z
Updated: 2024-08-01T23:06:25.363Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-23439 |
vulnerable | 2026-06-03 14:46:27.340451 |
Details available
MEDIUM (4.1)
A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver
Published: 2025-01-22T09:10:28.669Z
Updated: 2026-01-14T13:06:07.365Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-43068 |
vulnerable | 2026-06-03 14:45:28.018189 |
Details available
MEDIUM (5.4)
A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the second factor of authentication via a RADIUS login portal.
Published: 2021-12-09T09:38:37.000Z
Updated: 2024-10-25T13:36:50.227Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-43067 |
vulnerable | 2026-06-03 14:45:28.017644 |
Details available
HIGH (8.3)
A exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows attacker to duplicate a target LDAP user 2 factors authentication token via crafted HTTP requests.
Published: 2021-12-08T11:22:39.000Z
Updated: 2024-10-25T13:42:16.266Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.