EUVD-2021-28166

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Improper access control in FortiWeb allows unauthorized access to Log reports via URLs.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2021-41013	8 Dec 202120:22	–	circl
CNNVD	Fortinet FortiWeb 安全漏洞	8 Dec 202100:00	–	cnnvd
CNVD	Fortinet FortiWeb Information Disclosure Vulnerability (CNVD-2021-99665)	13 Dec 202100:00	–	cnvd
CVE	CVE-2021-41013	8 Dec 202113:33	–	cve
Cvelist	CVE-2021-41013	8 Dec 202113:33	–	cvelist
Fortinet	FortiWeb - Unauthorized user is granted access to the Reports available in the Log & Report section	7 Dec 202100:00	–	fortinet
Tenable Nessus	Fortinet FortiWeb Unauthorized user is granted access to the Reports available in the Log & Report section (FG-IR-21-138)	26 Oct 202400:00	–	nessus
NVD	CVE-2021-41013	8 Dec 202117:15	–	nvd
OSV	CVE-2021-41013	8 Dec 202117:15	–	osv
Prion	Improper access control	8 Dec 202117:15	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "3e1170f8-b7f8-36d5-afd6-2d1359b54d31",
        "vendor": {
          "name": "Fortinet"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "4cfbcd03-8ff3-38b9-a6a0-eb04c14c8274",
        "product": {
          "name": "Fortinet FortiWeb"
        },
        "product_version": "FortiWeb 6.4.1, 6.4.0, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0"
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.com/advisory/FG-IR-21-138

03 Oct 2025 20:07Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.3

CVSS 25

EPSS0.00489

SSVC