cvelist/2022/26xxx/CVE-2022-26121.json

{
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2022-26121",
        "ASSIGNER": "psirt@fortinet.com",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Fortinet",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Fortinet FortiManager, FortiAnalyzer",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "FortiManager 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11; FortiAnalyzer 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "impact": {
        "cvss": {
            "attackComplexity": "High",
            "attackVector": "Network",
            "availabilityImpact": "None",
            "baseScore": 3.4,
            "baseSeverity": "Low",
            "confidentialityImpact": "Low",
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "userInteraction": "None",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Improper access control"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "CONFIRM",
                "name": "https://fortiguard.com/psirt/FG-IR-22-026",
                "url": "https://fortiguard.com/psirt/FG-IR-22-026"
            }
        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path."
            }
        ]
    }
}
"-Synchronized-Data." 2022-02-25 15:01:11 +00:00			`{`
			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"data_version": "4.0",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2022-26121",`
Commit CVE-2022-26121 2022-10-10 13:36:56 +02:00			`"ASSIGNER": "psirt@fortinet.com",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "Fortinet",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "Fortinet FortiManager, FortiAnalyzer",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "FortiManager 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11; FortiAnalyzer 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "High",`
			`"attackVector": "Network",`
			`"availabilityImpact": "None",`
			`"baseScore": 3.4,`
			`"baseSeverity": "Low",`
			`"confidentialityImpact": "Low",`
			`"integrityImpact": "None",`
			`"privilegesRequired": "None",`
			`"scope": "Unchanged",`
			`"userInteraction": "None",`
			`"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Improper access control"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"refsource": "CONFIRM",`
			`"name": "https://fortiguard.com/psirt/FG-IR-22-026",`
			`"url": "https://fortiguard.com/psirt/FG-IR-22-026"`
			`}`
			`]`
"-Synchronized-Data." 2022-02-25 15:01:11 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-10-10 15:00:32 +00:00			`"value": "An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path."`
"-Synchronized-Data." 2022-02-25 15:01:11 +00:00			`}`
			`]`
			`}`
			`}`