Lucene search
FortinetCVELIST:CVE-2021-36190HistoryDec 08, 2021 - 1:11 p.m.
CVE-2021-36190
2021-12-0813:11:05
fortinet
www.cve.org
2
fortinet fortiweb
unintended proxy
crafted http requests
protected hosts
CVSS3
5.5
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:C
AI Score
6.6
Confidence
High
EPSS
0.001
Percentile
38.1%
A unintended proxy or intermediary (‘confused deputy’) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests.
CNA Affected
[
{
"product": "Fortinet FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "FortiWeb 6.4.1, 6.4.0, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0"
}
]
}
]References
Related
fortinet
fortinet
FortiWeb - Confused deputy issue on SERVER_NAME causes open proxy flaw
2021-12-07 00:00:00
prion
prion
Code injection
2021-12-08 14:15:00
cnvd
cnvd
Fortinet FortiWeb has an unspecified vulnerability (CNVD-2021-101135)
2021-12-14 00:00:00
cve
cve
CVE-2021-36190
2021-12-08 14:15:09
nvd
nvd
CVE-2021-36190
2021-12-08 14:15:09
CVSS3
5.5
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:C
AI Score
6.6
Confidence
High
EPSS
0.001
Percentile
38.1%
Related for CVELIST:CVE-2021-36190