ID

VAR-202202-1283


CVE

CVE-2021-43062


TITLE

Cross-site scripting vulnerability in Fortinet FortiMail

Trust: 0.8

sources: JVNDB: JVNDB-2022-004772

DESCRIPTION

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiMail versions 7.0.1 and 7.0.0, 6.4.5 and below, 6.3.7 and below, and 6.0.11 and below allows an attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service. Fortinet FortiMail contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Fortinet FortiMail is a suite of email security gateway products from Fortinet. The product provides features such as email security protection and data protection.

Trust: 2.34

sources: NVD: CVE-2021-43062 // JVNDB: JVNDB-2022-004772 // CNVD: CNVD-2022-19073 // VULHUB: VHN-404112 // VULMON: CVE-2021-43062

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-19073

AFFECTED PRODUCTS

vendor: fortinet, model: fortimail, scope: gte, version: 7.0.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 6.2.8

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.2.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: gte, version: 6.4.0

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 7.0.2

Trust: 1.0

vendor: fortinet, model: fortimail, scope: lt, version: 6.4.6

Trust: 1.0

vendor: フォーティネット, model: fortimail, scope: eq, version: 7.0.0

Trust: 0.8

vendor: フォーティネット, model: fortimail, scope: lte, version: 6.4.5 and earlier

Trust: 0.8

vendor: フォーティネット, model: fortimail, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortimail, scope: eq, version: 7.0.1

Trust: 0.8

vendor: fortinet, model: fortimail, scope: eq, version: 7.0.1

Trust: 0.6

vendor: fortinet, model: fortimail, scope: eq, version: 7.0.0

Trust: 0.6

vendor: fortinet, model: fortimail, scope: lte, version: <=6.4.5

Trust: 0.6

vendor: fortinet, model: fortimail, scope: lte, version: <=6.3.7

Trust: 0.6

vendor: fortinet, model: fortimail, scope: lte, version: <=6.0.11

Trust: 0.6

sources: CNVD: CNVD-2022-19073 // JVNDB: JVNDB-2022-004772 // NVD: CVE-2021-43062

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43062
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2021-43062
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-43062
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-19073
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202202-128
value: MEDIUM

Trust: 0.6

VULHUB: VHN-404112
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-43062
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-43062
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-19073
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-404112
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-43062
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 2.0

OTHER: JVNDB-2022-004772
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-19073 // VULHUB: VHN-404112 // VULMON: CVE-2021-43062 // JVNDB: JVNDB-2022-004772 // CNNVD: CNNVD-202202-128 // NVD: CVE-2021-43062 // NVD: CVE-2021-43062

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-404112 // JVNDB: JVNDB-2022-004772 // NVD: CVE-2021-43062

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-128

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202202-128

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-404112

PATCH

title: FG-IR-21-185
url: https://www.fortiguard.com/psirt/FG-IR-21-185

Trust: 0.8

title: Patch for Fortinet FortiMail Cross-Site Scripting Vulnerability (CNVD-2022-19073)
url: https://www.cnvd.org.cn/patchInfo/show/325266

Trust: 0.6

title: FortiMail Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184866

Trust: 0.6

title: Kenzer Templates [5170] [DEPRECATED]
url: https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

sources: CNVD: CNVD-2022-19073 // VULMON: CVE-2021-43062 // JVNDB: JVNDB-2022-004772 // CNNVD: CNNVD-202202-128

EXTERNAL IDS

db: NVD, id: CVE-2021-43062

Trust: 4.0

db: PACKETSTORM, id: 166055

Trust: 1.8

db: JVNDB, id: JVNDB-2022-004772

Trust: 0.8

db: CNVD, id: CNVD-2022-19073

Trust: 0.7

db: CNNVD, id: CNNVD-202202-128

Trust: 0.7

db: EXPLOIT-DB, id: 50759

Trust: 0.7

db: CXSECURITY, id: WLB-2022020097

Trust: 0.6

db: VULHUB, id: VHN-404112

Trust: 0.1

db: VULMON, id: CVE-2021-43062

Trust: 0.1

sources: CNVD: CNVD-2022-19073 // VULHUB: VHN-404112 // VULMON: CVE-2021-43062 // JVNDB: JVNDB-2022-004772 // CNNVD: CNNVD-202202-128 // NVD: CVE-2021-43062

REFERENCES

url: http://packetstormsecurity.com/files/166055/fortinet-fortimail-7.0.1-cross-site-scripting.html

Trust: 2.5

url: https://fortiguard.com/advisory/fg-ir-21-185

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-43062

Trust: 1.4

url: https://fortiguard.com/psirt/fg-ir-21-158

Trust: 0.6

url: https://cxsecurity.com/issue/wlb-2022020097

Trust: 0.6

url: https://www.exploit-db.com/exploits/50759

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/arpsyndicate/kenzer-templates

Trust: 0.1

sources: CNVD: CNVD-2022-19073 // VULHUB: VHN-404112 // VULMON: CVE-2021-43062 // JVNDB: JVNDB-2022-004772 // CNNVD: CNNVD-202202-128 // NVD: CVE-2021-43062

CREDITS

Braiant Giraldo Vill

Trust: 0.6

sources: CNNVD: CNNVD-202202-128

SOURCES

db: CNVD, id: CNVD-2022-19073
db: VULHUB, id: VHN-404112
db: VULMON, id: CVE-2021-43062
db: JVNDB, id: JVNDB-2022-004772
db: CNNVD, id: CNNVD-202202-128
db: NVD, id: CVE-2021-43062

LAST UPDATE DATE

2024-08-14T15:37:42.668000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-19073, date: 2022-03-14T00:00:00
db: VULHUB, id: VHN-404112, date: 2022-03-04T00:00:00
db: VULMON, id: CVE-2021-43062, date: 2022-03-04T00:00:00
db: JVNDB, id: JVNDB-2022-004772, date: 2023-05-01T08:22:00
db: CNNVD, id: CNNVD-202202-128, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2021-43062, date: 2022-03-04T16:33:09.800

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-19073, date: 2022-03-14T00:00:00
db: VULHUB, id: VHN-404112, date: 2022-02-02T00:00:00
db: VULMON, id: CVE-2021-43062, date: 2022-02-02T00:00:00
db: JVNDB, id: JVNDB-2022-004772, date: 2023-05-01T00:00:00
db: CNNVD, id: CNNVD-202202-128, date: 2022-02-02T00:00:00
db: NVD, id: CVE-2021-43062, date: 2022-02-02T11:15:07.887