Commit CVE-2022-26121

2025-06-10 02:04:31 +00:00 · 2022-10-10 13:36:56 +02:00 · 2022-10-10 13:36:56 +02:00 · e88213b56d
commit e88213b56d
parent ca948d3580
1 changed files with 63 additions and 3 deletions
--- a/2022/26xxx/CVE-2022-26121.json
+++ b/2022/26xxx/CVE-2022-26121.json
@ -4,14 +4,74 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2022-26121",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "psirt@fortinet.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Fortinet",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Fortinet FortiManager, FortiAnalyzer",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "FortiManager 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11; FortiAnalyzer 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "High",
+            "attackVector": "Network",
+            "availabilityImpact": "None",
+            "baseScore": 3.4,
+            "baseSeverity": "Low",
+            "confidentialityImpact": "Low",
+            "integrityImpact": "None",
+            "privilegesRequired": "None",
+            "scope": "Unchanged",
+            "userInteraction": "None",
+            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Improper access control"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "name": "https://fortiguard.com/psirt/FG-IR-22-026",
+                "url": "https://fortiguard.com/psirt/FG-IR-22-026"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An exposure of resource to wrong sphere\u00a0vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the\u00a0name in the URL path."
            }
        ]
    }