mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
182 lines
6.2 KiB
JSON
182 lines
6.2 KiB
JSON
{
|
|
"id": "CVE-2022-26121",
|
|
"sourceIdentifier": "psirt@fortinet.com",
|
|
"published": "2022-10-10T14:15:09.727",
|
|
"lastModified": "2024-11-21T06:53:28.427",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad de exposici\u00f3n de recursos a una esfera incorrecta [CWE-668] en FortiAnalyzer y FortiManager GUI versiones 7.0.0 hasta 7.0.3, 6.4.0 hasta 6.4.8, 6.2.0 hasta 6.2.9, 6.0.0 hasta 6.0.11, 5.6.0 hasta 5.6.11, puede permitir a un atacante no autenticado y remoto acceder a im\u00e1genes de plantillas de informes por medio de la referencia al nombre en la ruta URL"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "psirt@fortinet.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
|
"baseScore": 3.7,
|
|
"baseSeverity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "HIGH",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 2.2,
|
|
"impactScore": 1.4
|
|
},
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
|
"baseScore": 5.3,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 1.4
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-668"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
|
|
"versionStartExcluding": "5.6.0",
|
|
"versionEndIncluding": "5.6.11",
|
|
"matchCriteriaId": "AE73DF2C-BD72-4232-8AAB-07563E97E822"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
|
|
"versionStartExcluding": "6.0.0",
|
|
"versionEndIncluding": "6.0.11",
|
|
"matchCriteriaId": "7D5C7EA7-C767-47CB-BC63-227D6BC58551"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
|
|
"versionStartExcluding": "6.2.0",
|
|
"versionEndIncluding": "6.2.9",
|
|
"matchCriteriaId": "E13E62F4-F12E-40F1-9917-E6D56D675140"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
|
|
"versionStartExcluding": "6.4.0",
|
|
"versionEndIncluding": "6.4.8",
|
|
"matchCriteriaId": "2D0C15F4-C878-485C-944C-F0B4FD5938E3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
|
|
"versionStartExcluding": "7.0.0",
|
|
"versionEndIncluding": "7.0.3",
|
|
"matchCriteriaId": "DE1CDF02-9BC0-4043-8584-A776EEED31E9"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
|
|
"versionStartExcluding": "5.6.0",
|
|
"versionEndIncluding": "5.6.11",
|
|
"matchCriteriaId": "3368EFDE-DF3B-434B-BFF7-505516DBE73F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
|
|
"versionStartExcluding": "6.0.0",
|
|
"versionEndIncluding": "6.0.11",
|
|
"matchCriteriaId": "CC647980-DBC1-496A-89EE-2CFDA64ED191"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
|
|
"versionStartExcluding": "6.2.0",
|
|
"versionEndIncluding": "6.2.9",
|
|
"matchCriteriaId": "8EBEFB74-4484-47B6-9CEC-CA96E6D297AF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
|
|
"versionStartExcluding": "6.4.0",
|
|
"versionEndIncluding": "6.4.8",
|
|
"matchCriteriaId": "263BAEBB-AF6D-4717-A6A4-E6DB6F918D10"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
|
|
"versionStartExcluding": "7.0.0",
|
|
"versionEndIncluding": "7.0.3",
|
|
"matchCriteriaId": "52730F17-9880-4D56-BE3C-8FFA04AD4909"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://fortiguard.com/psirt/FG-IR-22-026",
|
|
"source": "psirt@fortinet.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://fortiguard.com/psirt/FG-IR-22-026",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |