2023-09-14 09:00:33 +00:00
{
2025-03-11 15:00:34 +00:00
"data_version" : "4.0" ,
2023-09-14 09:00:33 +00:00
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"CVE_data_meta" : {
"ID" : "CVE-2023-42784" ,
2025-03-11 15:00:34 +00:00
"ASSIGNER" : "psirt@fortinet.com" ,
"STATE" : "PUBLIC"
2023-09-14 09:00:33 +00:00
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2025-03-11 15:00:34 +00:00
"value" : "An improper handling of syntactically invalid structure in Fortinet FortiWeb at least verions 7.4.0 through 7.4.6 and 7.2.0 through 7.2.10 and 7.0.0 through 7.0.10 allows attacker to execute unauthorized code or commands via HTTP/S crafted requests."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Execute unauthorized code or commands" ,
"cweId" : "CWE-228"
}
]
}
]
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "Fortinet" ,
"product" : {
"product_data" : [
{
"product_name" : "FortiWeb" ,
"version" : {
"version_data" : [
{
"version_affected" : "<=" ,
"version_name" : "7.4.0" ,
"version_value" : "7.4.7"
} ,
{
"version_affected" : "<=" ,
"version_name" : "7.2.0" ,
"version_value" : "7.2.10"
} ,
{
"version_affected" : "<=" ,
"version_name" : "7.0.0" ,
"version_value" : "7.0.10"
}
]
}
}
]
}
}
]
}
} ,
"references" : {
"reference_data" : [
{
"url" : "https://fortiguard.fortinet.com/psirt/FG-IR-23-115" ,
"refsource" : "MISC" ,
"name" : "https://fortiguard.fortinet.com/psirt/FG-IR-23-115"
}
]
} ,
"solution" : [
{
"lang" : "en" ,
"value" : "Please upgrade to FortiWeb version 7.6.0 or above"
}
] ,
"impact" : {
"cvss" : [
{
"version" : "3.1" ,
"attackComplexity" : "HIGH" ,
"attackVector" : "NETWORK" ,
"availabilityImpact" : "LOW" ,
"baseScore" : 5.5 ,
"baseSeverity" : "MEDIUM" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
"privilegesRequired" : "NONE" ,
"scope" : "UNCHANGED" ,
"userInteraction" : "NONE" ,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:X/RC:X"
2023-09-14 09:00:33 +00:00
}
]
}
}
