Lucene search

PRIOn knowledge basePRION:CVE-2021-42761

HistoryFeb 16, 2023 - 7:15 p.m.

Session fixation

2023-02-1619:15:00

PRIOn knowledge base

www.prio-n.com

session fixation

vulnerability

fortiweb

remote

unauthenticated attacker

session identifier

usurpation

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.0%

JSON

A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session.

CPENameOperatorVersion
fortiwebge6.3.0
fortiweblt6.3.17
fortiwebge6.2.0
fortiweblt6.2.7
fortiwebge6.1.0
fortiweblt6.1.3
fortiwebge6.4.0
fortiweblt7.0.0
fortiwebge6.0.0
fortiweblt6.0.8

Name	Operator	Version
fortiweb	ge	6.3.0
fortiweb	lt	6.3.17
fortiweb	ge	6.2.0
fortiweb	lt	6.2.7
fortiweb	ge	6.1.0
fortiweb	lt	6.1.3
fortiweb	ge	6.4.0
fortiweb	lt	7.0.0
fortiweb	ge	6.0.0
fortiweb	lt	6.0.8

Rows per page:

1-10 of 121

References

fortiguard.com/psirt/FG-IR-21-214