Details of VAR-202202-1283

ID

VAR-202202-1283

CVE

CVE-2021-43062

TITLE

Fortinet FortiMail Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-004772

DESCRIPTION

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service. Fortinet FortiMail Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Fortinet FortiMail is a suite of email security gateway products from Fortinet. The product provides features such as email security protection and data protection

Trust: 2.34

sources: NVD: CVE-2021-43062 // JVNDB: JVNDB-2022-004772 // CNVD: CNVD-2022-19073 // VULHUB: VHN-404112 // VULMON: CVE-2021-43062

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-19073

AFFECTED PRODUCTS

vendor:	fortinet	model:	fortimail	scope:	gte	version:	7.0.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	6.2.8	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.2.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	gte	version:	6.4.0	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	7.0.2	Trust: 1.0
vendor:	fortinet	model:	fortimail	scope:	lt	version:	6.4.6	Trust: 1.0
vendor:	フォーティネット	model:	fortimail	scope:	eq	version:	7.0.0	Trust: 0.8
vendor:	フォーティネット	model:	fortimail	scope:	lte	version:	6.4.5 and earlier	Trust: 0.8
vendor:	フォーティネット	model:	fortimail	scope:	eq	version:	-	Trust: 0.8
vendor:	フォーティネット	model:	fortimail	scope:	eq	version:	7.0.1	Trust: 0.8
vendor:	fortinet	model:	fortimail	scope:	eq	version:	7.0.1	Trust: 0.6
vendor:	fortinet	model:	fortimail	scope:	eq	version:	7.0.0	Trust: 0.6
vendor:	fortinet	model:	fortimail	scope:	lte	version:	<=6.4.5	Trust: 0.6
vendor:	fortinet	model:	fortimail	scope:	lte	version:	<=6.3.7	Trust: 0.6
vendor:	fortinet	model:	fortimail	scope:	lte	version:	<=6.0.11	Trust: 0.6

sources: CNVD: CNVD-2022-19073 // JVNDB: JVNDB-2022-004772 // NVD: CVE-2021-43062

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-43062
value:	MEDIUM
Trust: 1.0
psirt@fortinet.com:	CVE-2021-43062
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-43062
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-19073
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202202-128
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-404112
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-43062
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-43062
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-19073
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-404112
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-43062
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-004772
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-19073 // VULHUB: VHN-404112 // VULMON: CVE-2021-43062 // JVNDB: JVNDB-2022-004772 // CNNVD: CNNVD-202202-128 // NVD: CVE-2021-43062 // NVD: CVE-2021-43062

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-404112 // JVNDB: JVNDB-2022-004772 // NVD: CVE-2021-43062

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-128

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202202-128

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-404112

PATCH

title:	FG-IR-21-185	url:	https://www.fortiguard.com/psirt/FG-IR-21-185	Trust: 0.8
title:	Patch for Fortinet FortiMail Cross-Site Scripting Vulnerability (CNVD-2022-19073)	url:	https://www.cnvd.org.cn/patchInfo/show/325266	Trust: 0.6
title:	FortiMail Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184866	Trust: 0.6
title:	Kenzer Templates [5170] [DEPRECATED]	url:	https://github.com/ARPSyndicate/kenzer-templates	Trust: 0.1

sources: CNVD: CNVD-2022-19073 // VULMON: CVE-2021-43062 // JVNDB: JVNDB-2022-004772 // CNNVD: CNNVD-202202-128

EXTERNAL IDS

db:	NVD	id:	CVE-2021-43062	Trust: 4.0
db:	PACKETSTORM	id:	166055	Trust: 1.8
db:	JVNDB	id:	JVNDB-2022-004772	Trust: 0.8
db:	CNVD	id:	CNVD-2022-19073	Trust: 0.7
db:	CNNVD	id:	CNNVD-202202-128	Trust: 0.7
db:	EXPLOIT-DB	id:	50759	Trust: 0.7
db:	CXSECURITY	id:	WLB-2022020097	Trust: 0.6
db:	VULHUB	id:	VHN-404112	Trust: 0.1
db:	VULMON	id:	CVE-2021-43062	Trust: 0.1

sources: CNVD: CNVD-2022-19073 // VULHUB: VHN-404112 // VULMON: CVE-2021-43062 // JVNDB: JVNDB-2022-004772 // CNNVD: CNNVD-202202-128 // NVD: CVE-2021-43062

REFERENCES

url:	http://packetstormsecurity.com/files/166055/fortinet-fortimail-7.0.1-cross-site-scripting.html	Trust: 2.5
url:	https://fortiguard.com/advisory/fg-ir-21-185	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-43062	Trust: 1.4
url:	https://fortiguard.com/psirt/fg-ir-21-158	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2022020097	Trust: 0.6
url:	https://www.exploit-db.com/exploits/50759	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/arpsyndicate/kenzer-templates	Trust: 0.1

sources: CNVD: CNVD-2022-19073 // VULHUB: VHN-404112 // VULMON: CVE-2021-43062 // JVNDB: JVNDB-2022-004772 // CNNVD: CNNVD-202202-128 // NVD: CVE-2021-43062

CREDITS

Braiant Giraldo Vill

Trust: 0.6

sources: CNNVD: CNNVD-202202-128

SOURCES

db:	CNVD	id:	CNVD-2022-19073
db:	VULHUB	id:	VHN-404112
db:	VULMON	id:	CVE-2021-43062
db:	JVNDB	id:	JVNDB-2022-004772
db:	CNNVD	id:	CNNVD-202202-128
db:	NVD	id:	CVE-2021-43062

LAST UPDATE DATE

2024-08-14T15:37:42.668000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-19073	date:	2022-03-14T00:00:00
db:	VULHUB	id:	VHN-404112	date:	2022-03-04T00:00:00
db:	VULMON	id:	CVE-2021-43062	date:	2022-03-04T00:00:00
db:	JVNDB	id:	JVNDB-2022-004772	date:	2023-05-01T08:22:00
db:	CNNVD	id:	CNNVD-202202-128	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2021-43062	date:	2022-03-04T16:33:09.800

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-19073	date:	2022-03-14T00:00:00
db:	VULHUB	id:	VHN-404112	date:	2022-02-02T00:00:00
db:	VULMON	id:	CVE-2021-43062	date:	2022-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2022-004772	date:	2023-05-01T00:00:00
db:	CNNVD	id:	CNNVD-202202-128	date:	2022-02-02T00:00:00
db:	NVD	id:	CVE-2021-43062	date:	2022-02-02T11:15:07.887