nvd-json-data-feeds/CVE-2020/CVE-2020-159xx/CVE-2020-15933.json

{
  "id": "CVE-2020-15933",
  "sourceIdentifier": "psirt@fortinet.com",
  "published": "2022-01-05T12:15:07.977",
  "lastModified": "2022-01-12T20:03:45.657",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain potentially sensitive software-version information via client-side resources inspection."
    },
    {
      "lang": "es",
      "value": "Una exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en Fortinet FortiMail versiones 6.0.9 y anteriores, FortiMail versiones 6.2.4 y anteriores FortiMail versiones 6.4.1 y 6.4.0, permite a un atacante conseguir informaci\u00f3n potencialmente confidencial de la versi\u00f3n del software por medio de la inspecci\u00f3n de recursos del lado del cliente."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      },
      {
        "source": "psirt@fortinet.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "6.0.9",
              "matchCriteriaId": "70EC95D8-FB2E-40CF-A248-806AC0F254D1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FCC28EF-A732-4B0A-8F2D-217D4C66617F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "880FCAD9-6369-4335-889D-1C66E7CCF15C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9619F567-3F75-4C3F-81D8-81B328EE47A0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1F3783-E2EC-4D43-83C8-ABC3BB720DB3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "09BBE243-5A1B-4E5D-A862-B9362CFBCFA0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60F5771F-D563-48A6-8A8C-FFF518AD376E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30ACAD3B-3C0B-4549-B31D-D92D99391BAC"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://fortiguard.com/psirt/FG-IR-20-105",
      "source": "psirt@fortinet.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}
bootstrap 2023-04-24 12:24:31 +02:00			`{`
			`"id": "CVE-2020-15933",`
			`"sourceIdentifier": "psirt@fortinet.com",`
			`"published": "2022-01-05T12:15:07.977",`
			`"lastModified": "2022-01-12T20:03:45.657",`
			`"vulnStatus": "Analyzed",`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "A exposure of sensitive information to an unauthorized actor in Fortinet FortiMail versions 6.0.9 and below, FortiMail versions 6.2.4 and below FortiMail versions 6.4.1 and 6.4.0 allows attacker to obtain potentially sensitive software-version information via client-side resources inspection."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "Una exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en Fortinet FortiMail versiones 6.0.9 y anteriores, FortiMail versiones 6.2.4 y anteriores FortiMail versiones 6.4.1 y 6.4.0, permite a un atacante conseguir informaci\u00f3n potencialmente confidencial de la versi\u00f3n del software por medio de la inspecci\u00f3n de recursos del lado del cliente."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.3,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 1.4`
			`},`
			`{`
			`"source": "psirt@fortinet.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.3,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 1.4`
			`}`
			`],`
			`"cvssMetricV2": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "2.0",`
			`"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",`
			`"accessVector": "NETWORK",`
			`"accessComplexity": "LOW",`
			`"authentication": "NONE",`
			`"confidentialityImpact": "PARTIAL",`
			`"integrityImpact": "NONE",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.0`
			`},`
			`"baseSeverity": "MEDIUM",`
			`"exploitabilityScore": 10.0,`
			`"impactScore": 2.9,`
			`"acInsufInfo": false,`
			`"obtainAllPrivilege": false,`
			`"obtainUserPrivilege": false,`
			`"obtainOtherPrivilege": false,`
			`"userInteractionRequired": false`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-200"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:fortinet:fortimail::::::::",`
			`"versionEndIncluding": "6.0.9",`
			`"matchCriteriaId": "70EC95D8-FB2E-40CF-A248-806AC0F254D1"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:fortinet:fortimail:6.2.0:::::::*",`
			`"matchCriteriaId": "4FCC28EF-A732-4B0A-8F2D-217D4C66617F"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:fortinet:fortimail:6.2.1:::::::*",`
			`"matchCriteriaId": "880FCAD9-6369-4335-889D-1C66E7CCF15C"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:fortinet:fortimail:6.2.2:::::::*",`
			`"matchCriteriaId": "9619F567-3F75-4C3F-81D8-81B328EE47A0"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:fortinet:fortimail:6.2.3:::::::*",`
			`"matchCriteriaId": "AE1F3783-E2EC-4D43-83C8-ABC3BB720DB3"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:fortinet:fortimail:6.2.4:::::::*",`
			`"matchCriteriaId": "09BBE243-5A1B-4E5D-A862-B9362CFBCFA0"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:fortinet:fortimail:6.4.0:::::::*",`
			`"matchCriteriaId": "60F5771F-D563-48A6-8A8C-FFF518AD376E"`
			`},`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:fortinet:fortimail:6.4.1:::::::*",`
			`"matchCriteriaId": "30ACAD3B-3C0B-4549-B31D-D92D99391BAC"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://fortiguard.com/psirt/FG-IR-20-105",`
			`"source": "psirt@fortinet.com",`
			`"tags": [`
			`"Patch",`
			`"Vendor Advisory"`
			`]`
			`}`
			`]`
			`}`