Lucene search

FortinetCVELIST:CVE-2021-36172

HistoryNov 02, 2021 - 5:35 p.m.

CVE-2021-36172

2021-11-0217:35:11

fortinet

www.cve.org

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:W/RC:C

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.8%

JSON

An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents.

CNA Affected

[
  {
    "product": "Fortinet FortiPortal",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiPortal before 6.0.6"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-21-104

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:W/RC:C

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.8%

JSON

Related for CVELIST:CVE-2021-36172