admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 05:28:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-325xx/CVE-2021-32586.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

151 lines
4.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-32586",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2022-03-01T19:15:08.227",
"lastModified": "2022-03-09T14:11:28.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en las instalaciones CGI del servidor web de FortiMail versiones anteriores a 7.0.1, puede permitir a un atacante no autenticado alterar el entorno del int\u00e9rprete de scripts subyacente por medio de peticiones HTTP espec\u00edficamente dise\u00f1adas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.5
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.4.12",
"matchCriteriaId": "012B958E-B46C-4E94-91FA-6E0083739215"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.0.12",
"matchCriteriaId": "949AE030-B3F8-496D-AB9A-8F34203C3CB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndExcluding": "6.2.8",
"matchCriteriaId": "9BAEA8B7-C4D3-4C12-8EF0-77A3F0EF2A14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndExcluding": "6.4.6",
"matchCriteriaId": "9ABBEADA-F0B2-4661-ADEA-4E9998564E69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15993051-6D79-4D59-B43D-EE3DA539AA18"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-21-008",
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink