ID

VAR-202112-0328


CVE

CVE-2021-43063


TITLE

Cross-site scripting vulnerability in Fortinet FortiWeb

Trust: 0.8

sources: JVNDB: JVNDB-2021-015888

DESCRIPTION

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiWeb versions 6.4.1 and 6.4.0, versions 6.3.15 and below, and versions 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login webpage. A cross-site scripting vulnerability exists in Fortinet FortiWeb. Information may be obtained and information may be tampered with.

Trust: 1.71

sources: NVD: CVE-2021-43063 // JVNDB: JVNDB-2021-015888 // VULHUB: VHN-404113

AFFECTED PRODUCTS

vendor: fortinet, model: fortiweb, scope: lte, version: 6.2.6

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.1

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: eq, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.3.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortiweb, scope: lte, version: 6.3.15

Trust: 1.0

vendor: フォーティネット, model: fortiweb, scope: -, version: -

Trust: 0.8

vendor: フォーティネット, model: fortiweb, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015888 // NVD: CVE-2021-43063

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43063
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-43063
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-43063
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202112-647
value: MEDIUM

Trust: 0.6

VULHUB: VHN-404113
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-43063
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-404113
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-43063
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-015888
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-404113 // JVNDB: JVNDB-2021-015888 // CNNVD: CNNVD-202112-647 // NVD: CVE-2021-43063 // NVD: CVE-2021-43063

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-404113 // JVNDB: JVNDB-2021-015888 // NVD: CVE-2021-43063

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-647

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202112-647

PATCH

title: FG-IR-21-122, url: https://www.fortiguard.com/psirt/FG-IR-21-122

Trust: 0.8

title: Fortinet FortiWeb Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173895

Trust: 0.6

sources: JVNDB: JVNDB-2021-015888 // CNNVD: CNNVD-202112-647

EXTERNAL IDS

db: NVD, id: CVE-2021-43063

Trust: 3.3

db: JVNDB, id: JVNDB-2021-015888

Trust: 0.8

db: CNNVD, id: CNNVD-202112-647

Trust: 0.6

db: VULHUB, id: VHN-404113

Trust: 0.1

sources: VULHUB: VHN-404113 // JVNDB: JVNDB-2021-015888 // CNNVD: CNNVD-202112-647 // NVD: CVE-2021-43063

REFERENCES

url: https://fortiguard.com/advisory/fg-ir-21-122

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-43063

Trust: 1.4

sources: VULHUB: VHN-404113 // JVNDB: JVNDB-2021-015888 // CNNVD: CNNVD-202112-647 // NVD: CVE-2021-43063

SOURCES

db: VULHUB, id: VHN-404113
db: JVNDB, id: JVNDB-2021-015888
db: CNNVD, id: CNNVD-202112-647
db: NVD, id: CVE-2021-43063

LAST UPDATE DATE

2024-11-23T23:01:00.523000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-404113, date: 2021-12-09T00:00:00
db: JVNDB, id: JVNDB-2021-015888, date: 2022-12-01T07:34:00
db: CNNVD, id: CNNVD-202112-647, date: 2021-12-16T00:00:00
db: NVD, id: CVE-2021-43063, date: 2024-11-21T06:28:37.590

SOURCES RELEASE DATE

db: VULHUB, id: VHN-404113, date: 2021-12-08T00:00:00
db: JVNDB, id: JVNDB-2021-015888, date: 2022-12-01T00:00:00
db: CNNVD, id: CNNVD-202112-647, date: 2021-12-08T00:00:00
db: NVD, id: CVE-2021-43063, date: 2021-12-08T14:15:09.587