Lucene search

FortinetCVELIST:CVE-2021-36172

HistoryNov 02, 2021 - 5:35 p.m.

CVE-2021-36172

2021-11-0217:35:11

fortinet

www.cve.org

vulnerability

xml

denial of service

arbitrary files

fortiportal

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:W/RC:C

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents.

CNA Affected

[
  {
    "product": "Fortinet FortiPortal",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiPortal before 6.0.6"
      }
    ]
  }
]

References

fortiguard.com/advisory/FG-IR-21-104

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:W/RC:C

AI Score

8.1

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

Related for CVELIST:CVE-2021-36172