Lucene search

[email protected]NVD:CVE-2022-26121

HistoryOct 10, 2022 - 2:15 p.m.

CVE-2022-26121

2022-10-1014:15:09

CWE-668

[email protected]

web.nvd.nist.gov

exposure of resource

wrong sphere vulnerability

fortianalyzer

fortimanager

unauthenticated attacker

remote attacker

access

report template images

url path

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

48.1%

JSON

An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path.

Affected configurations

Nvd

Node

fortinetfortimanagerRange5.6.0–5.6.11

fortinetfortimanagerRange6.0.0–6.0.11

fortinetfortimanagerRange6.2.0–6.2.9

fortinetfortimanagerRange6.4.0–6.4.8

fortinetfortimanagerRange7.0.0–7.0.3

Node

fortinetfortianalyzerRange5.6.0–5.6.11

fortinetfortianalyzerRange6.0.0–6.0.11

fortinetfortianalyzerRange6.2.0–6.2.9

fortinetfortianalyzerRange6.4.0–6.4.8

fortinetfortianalyzerRange7.0.0–7.0.3

VendorProductVersionCPE
fortinetfortimanager*cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
fortinetfortianalyzer*cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*