From e88213b56d072c084252e5d798f93c34b2142413 Mon Sep 17 00:00:00 2001
From: Fortinet PSIRT Team <psirt_team@fortinet.com>
Date: Mon, 10 Oct 2022 13:36:56 +0200
Subject: [PATCH] Commit CVE-2022-26121

---
 2022/26xxx/CVE-2022-26121.json | 66 ++++++++++++++++++++++++++++++++--
 1 file changed, 63 insertions(+), 3 deletions(-)

diff --git a/2022/26xxx/CVE-2022-26121.json b/2022/26xxx/CVE-2022-26121.json
index eb366c58f9a..66a1bb54599 100644
--- a/2022/26xxx/CVE-2022-26121.json
+++ b/2022/26xxx/CVE-2022-26121.json
@@ -4,14 +4,74 @@
     "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2022-26121",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "psirt@fortinet.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Fortinet",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Fortinet FortiManager, FortiAnalyzer",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "FortiManager 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11; FortiAnalyzer 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "High",
+            "attackVector": "Network",
+            "availabilityImpact": "None",
+            "baseScore": 3.4,
+            "baseSeverity": "Low",
+            "confidentialityImpact": "Low",
+            "integrityImpact": "None",
+            "privilegesRequired": "None",
+            "scope": "Unchanged",
+            "userInteraction": "None",
+            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Improper access control"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "name": "https://fortiguard.com/psirt/FG-IR-22-026",
+                "url": "https://fortiguard.com/psirt/FG-IR-22-026"
+            }
+        ]
     },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An exposure of resource to wrong sphere\u00a0vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the\u00a0name in the URL path."
             }
         ]
     }