ID

VAR-202107-0626


CVE

CVE-2021-24007


TITLE

SQL injection vulnerability in FortiMail

Trust: 0.8

sources: JVNDB: JVNDB-2021-008985

DESCRIPTION

Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. FortiMail contains an SQL injection vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.

Trust: 2.34

sources: NVD: CVE-2021-24007 // JVNDB: JVNDB-2021-008985 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-382725 // VULMON: CVE-2021-24007

AFFECTED PRODUCTS

vendor: fortinet, model: fortimail, scope: lte, version: 5.4.12

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 6.0.11

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 6.4.4

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 5.6.1

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 6.2.7

Trust: 1.0

vendor: フォーティネット, model: fortimail, scope: -, version: -

Trust: 0.8

vendor: フォーティネット, model: fortimail, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortimail, scope: eq, version: 6.4.4

Trust: 0.8

sources: JVNDB: JVNDB-2021-008985 // NVD: CVE-2021-24007

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-24007
value: CRITICAL

Trust: 1.0

psirt@fortinet.com: CVE-2021-24007
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-24007
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202107-561
value: CRITICAL

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-382725
value: HIGH

Trust: 0.1

VULMON: CVE-2021-24007
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-24007
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-382725
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-24007
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-008985
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-382725 // VULMON: CVE-2021-24007 // JVNDB: JVNDB-2021-008985 // CNNVD: CNNVD-202107-561 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-24007 // NVD: CVE-2021-24007

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.1

problemtype: SQL injection (CWE-89) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-382725 // JVNDB: JVNDB-2021-008985 // NVD: CVE-2021-24007

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-561

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202107-561

PATCH

title: FG-IR-21-012, url: https://fortiguard.com/advisory/FG-IR-21-012

Trust: 0.8

sources: JVNDB: JVNDB-2021-008985

EXTERNAL IDS

db: NVD, id: CVE-2021-24007

Trust: 3.4

db: JVNDB, id: JVNDB-2021-008985

Trust: 0.8

db: AUSCERT, id: ESB-2021.2380

Trust: 0.6

db: CS-HELP, id: SB2021071352

Trust: 0.6

db: CNNVD, id: CNNVD-202107-561

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-382725

Trust: 0.1

db: VULMON, id: CVE-2021-24007

Trust: 0.1

sources: VULHUB: VHN-382725 // VULMON: CVE-2021-24007 // JVNDB: JVNDB-2021-008985 // CNNVD: CNNVD-202107-561 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-24007

REFERENCES

url:https://fortiguard.com/advisory/fg-ir-21-012

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-24007

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.2380

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071352

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-382725 // VULMON: CVE-2021-24007 // JVNDB: JVNDB-2021-008985 // CNNVD: CNNVD-202107-561 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-24007

SOURCES

db: VULHUB, id: VHN-382725
db: VULMON, id: CVE-2021-24007
db: JVNDB, id: JVNDB-2021-008985
db: CNNVD, id: CNNVD-202107-561
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-24007

LAST UPDATE DATE

2024-08-14T13:06:23.876000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-382725, date: 2021-07-12T00:00:00
db: VULMON, id: CVE-2021-24007, date: 2021-07-12T00:00:00
db: JVNDB, id: JVNDB-2021-008985, date: 2022-04-01T09:03:00
db: CNNVD, id: CNNVD-202107-561, date: 2021-07-15T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-24007, date: 2021-07-12T13:54:27.457

SOURCES RELEASE DATE

db: VULHUB, id: VHN-382725, date: 2021-07-09T00:00:00
db: VULMON, id: CVE-2021-24007, date: 2021-07-09T00:00:00
db: JVNDB, id: JVNDB-2021-008985, date: 2022-04-01T00:00:00
db: CNNVD, id: CNNVD-202107-561, date: 2021-07-09T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-24007, date: 2021-07-09T19:15:08.133