PSIRT Advisory

FortiAuthenticator multiple vulnerabilities

Impact

Local file disclosure, Local passwords disclosure, reflected XSS

Affected Products

Password disclosure and local file disclosure (CVE-2015-1456, CVE-2015-1455, CVE-2015-1457) affect FortiAuthenticator lower than 3.2.0Reflected XSS (CVE-2015-1459) affect FortiAuthenticator lower than 3.2.1

Solutions

Upgrade to FortiAuthenticator 3.2.1 or higher.