2017-10-16 12:31:07 -04:00
{
"CVE_data_meta" : {
2018-03-20 08:18:47 -04:00
"ASSIGNER" : "psirt@fortinet.com" ,
"DATE_PUBLIC" : "2018-03-06T00:00:00" ,
2017-10-16 12:31:07 -04:00
"ID" : "CVE-2017-14191" ,
2018-03-20 08:18:47 -04:00
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FortiWeb" ,
"version" : {
"version_data" : [
{
"version_value" : "5.6.0 and above"
}
]
}
}
]
} ,
"vendor_name" : "Fortinet, Inc."
}
]
}
2017-10-16 12:31:07 -04:00
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2018-03-20 08:18:47 -04:00
"value" : "An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 and above under \"Signed Security Mode\", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie. A fix is scheduled in upcoming FortiWeb v6.1.0."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Improper Access Control"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
2018-04-05 09:33:01 -04:00
"name" : "https://fortiguard.com/advisory/FG-IR-17-279" ,
"refsource" : "CONFIRM" ,
2018-03-20 08:18:47 -04:00
"url" : "https://fortiguard.com/advisory/FG-IR-17-279"
2018-03-21 06:04:28 -04:00
} ,
{
2018-04-05 09:33:01 -04:00
"name" : "103430" ,
"refsource" : "BID" ,
2018-03-21 06:04:28 -04:00
"url" : "http://www.securityfocus.com/bid/103430"
2017-10-16 12:31:07 -04:00
}
]
}
}
