ID

VAR-202003-0755


CVE

CVE-2019-16156


TITLE

Fortinet FortiWeb Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-014907

DESCRIPTION

An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting (XSS) attack. A cross-site scripting vulnerability exists in Fortinet FortiWeb. Information may be obtained and tampered with. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Trust: 1.8

sources: NVD: CVE-2019-16156 // JVNDB: JVNDB-2019-014907 // VULHUB: VHN-148274 // VULMON: CVE-2019-16156

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: eq, version: 6.2.0

Trust: 1.8

vendor: fortinet, model: fortiweb, scope: gte, version: 6.1.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.0.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.0.5

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.1.1

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.0.5

Trust: 0.8

vendor: fortinet, model: fortiweb, scope: eq, version: 6.1.1

Trust: 0.8

sources: JVNDB: JVNDB-2019-014907 // NVD: CVE-2019-16156

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-16156
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-014907
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202003-704
value: MEDIUM

Trust: 0.6

VULHUB: VHN-148274
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-16156
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-16156
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-014907
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-148274
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-16156
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014907
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-148274 // VULMON: CVE-2019-16156 // JVNDB: JVNDB-2019-014907 // CNNVD: CNNVD-202003-704 // NVD: CVE-2019-16156

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-148274 // JVNDB: JVNDB-2019-014907 // NVD: CVE-2019-16156

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-704

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202003-704

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014907

PATCH

title: FG-IR-19-265, url: https://fortiguard.com/psirt/FG-IR-19-265

Trust: 0.8

title: Fortinet FortiWeb Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112506

Trust: 0.6

sources: JVNDB: JVNDB-2019-014907 // CNNVD: CNNVD-202003-704

EXTERNAL IDS

db: NVD, id: CVE-2019-16156

Trust: 2.6

db: JVNDB, id: JVNDB-2019-014907

Trust: 0.8

db: CNNVD, id: CNNVD-202003-704

Trust: 0.7

db: AUSCERT, id: ESB-2020.0899

Trust: 0.6

db: CNVD, id: CNVD-2020-19908

Trust: 0.1

db: VULHUB, id: VHN-148274

Trust: 0.1

db: VULMON, id: CVE-2019-16156

Trust: 0.1

sources: VULHUB: VHN-148274 // VULMON: CVE-2019-16156 // JVNDB: JVNDB-2019-014907 // CNNVD: CNNVD-202003-704 // NVD: CVE-2019-16156

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-19-265

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-16156

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16156

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0899/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-148274 // VULMON: CVE-2019-16156 // JVNDB: JVNDB-2019-014907 // CNNVD: CNNVD-202003-704 // NVD: CVE-2019-16156

SOURCES

db: VULHUB, id: VHN-148274
db: VULMON, id: CVE-2019-16156
db: JVNDB, id: JVNDB-2019-014907
db: CNNVD, id: CNNVD-202003-704
db: NVD, id: CVE-2019-16156

LAST UPDATE DATE

2024-08-14T14:44:58.447000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-148274, date: 2020-03-17T00:00:00
db: VULMON, id: CVE-2019-16156, date: 2020-03-17T00:00:00
db: JVNDB, id: JVNDB-2019-014907, date: 2020-03-27T00:00:00
db: CNNVD, id: CNNVD-202003-704, date: 2020-03-18T00:00:00
db: NVD, id: CVE-2019-16156, date: 2020-03-17T19:57:14.853

SOURCES RELEASE DATE

db: VULHUB, id: VHN-148274, date: 2020-03-12T00:00:00
db: VULMON, id: CVE-2019-16156, date: 2020-03-12T00:00:00
db: JVNDB, id: JVNDB-2019-014907, date: 2020-03-27T00:00:00
db: CNNVD, id: CNNVD-202003-704, date: 2020-03-12T00:00:00
db: NVD, id: CVE-2019-16156, date: 2020-03-12T22:15:14.827