nvd-json-data-feeds/CVE-2021/CVE-2021-260xx/CVE-2021-26090.json

{
  "id": "CVE-2021-26090",
  "sourceIdentifier": "psirt@fortinet.com",
  "published": "2021-07-12T13:15:07.827",
  "lastModified": "2021-07-13T19:26:47.023",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de falta de liberaci\u00f3n de memoria despu\u00e9s de su vida \u00fatil en el Webmail de FortiMail versiones 6.4.0 hasta 6.4.4 y versiones 6.2.0 hasta 6.2.6, puede permitir a un atacante remoto no autenticado agotar la memoria disponible por medio de peticiones de inicio de sesi\u00f3n espec\u00edficamente dise\u00f1adas"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      },
      {
        "source": "psirt@fortinet.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "6.2.0",
              "versionEndIncluding": "6.2.6",
              "matchCriteriaId": "0EEAD569-3345-4618-A239-EEDC352C4156"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "6.4.0",
              "versionEndExcluding": "6.4.5",
              "matchCriteriaId": "5DAB4EFB-D73F-4FC5-8FE7-278BADB9F78E"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://fortiguard.com/advisory/FG-IR-21-042",
      "source": "psirt@fortinet.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}