CWE-610
DiscouragedExternally Controlled Reference to a Resource in Another Sphere
Abstraction: Class · Status: Draft
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
278 vulnerabilities reference this CWE, most recent first.
CVE-2022-27593 (GCVE-0-2022-27593)
Vulnerability from cvelistv5 – Published: 2022-09-08 11:00 – Updated: 2025-10-21 23:15- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
| URL | Tags |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-22-24 | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | Photo Station |
Affected:
unspecified , < 6.1.2
(custom)
|
|
| QNAP Systems Inc. | Photo Station |
Affected:
unspecified , < 6.0.22
(custom)
|
|
| QNAP Systems Inc. | Photo Station |
Affected:
unspecified , < 5.7.18
(custom)
|
|
| QNAP Systems Inc. | Photo Station |
Affected:
unspecified , < 5.4.15
(custom)
|
|
| QNAP Systems Inc. | Photo Station |
Affected:
unspecified , < 5.2.14
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-24"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-27593",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-22T05:00:57.633423Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-09-08",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27593"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:35.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27593"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-09-08T00:00:00.000Z",
"value": "CVE-2022-27593 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"QTS 5.0.1"
],
"product": "Photo Station",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "6.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QTS 5.0.0"
],
"product": "Photo Station",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "6.0.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QTS 4.5.x"
],
"product": "Photo Station",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "6.0.22",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QTS 4.3.6"
],
"product": "Photo Station",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.7.18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QTS 4.3.3"
],
"product": "Photo Station",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.4.15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"QTS 4.2.6"
],
"product": "Photo Station",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.2.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-09-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-08T11:00:14.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/en/security-advisory/qsa-22-24"
}
],
"solutions": [
{
"lang": "en",
"value": "QNAP have already fixed the vulnerability in the following versions: \nQTS 5.0.1: Photo Station 6.1.2 and later\nQTS 5.0.0/4.5.x: Photo Station 6.0.22 and later\nQTS 4.3.6: Photo Station 5.7.18 and later\nQTS 4.3.3: Photo Station 5.4.15 and later\nQTS 4.2.6: Photo Station 5.2.14 and later"
}
],
"source": {
"advisory": "QSA-22-24",
"discovery": "USER"
},
"title": "DeadBolt Ransomware",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "DeadBolt Ransomware 0903",
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2022-09-08T07:46:00.000Z",
"ID": "CVE-2022-27593",
"STATE": "PUBLIC",
"TITLE": "DeadBolt Ransomware"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Station",
"version": {
"version_data": [
{
"platform": "QTS 5.0.1",
"version_affected": "\u003c",
"version_value": "6.1.2"
},
{
"platform": "QTS 5.0.0",
"version_affected": "\u003c",
"version_value": "6.0.22"
},
{
"platform": "QTS 4.5.x",
"version_affected": "\u003c",
"version_value": "6.0.22"
},
{
"platform": "QTS 4.3.6",
"version_affected": "\u003c",
"version_value": "5.7.18"
},
{
"platform": "QTS 4.3.3",
"version_affected": "\u003c",
"version_value": "5.4.15"
},
{
"platform": "QTS 4.2.6",
"version_affected": "\u003c",
"version_value": "5.2.14"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions: QTS 5.0.1: Photo Station 6.1.2 and later QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later QTS 4.3.6: Photo Station 5.7.18 and later QTS 4.3.3: Photo Station 5.4.15 and later QTS 4.2.6: Photo Station 5.2.14 and later"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/qsa-22-24",
"refsource": "MISC",
"url": "https://www.qnap.com/en/security-advisory/qsa-22-24"
}
]
},
"solution": [
{
"lang": "en",
"value": "QNAP have already fixed the vulnerability in the following versions: \nQTS 5.0.1: Photo Station 6.1.2 and later\nQTS 5.0.0/4.5.x: Photo Station 6.0.22 and later\nQTS 4.3.6: Photo Station 5.7.18 and later\nQTS 4.3.3: Photo Station 5.4.15 and later\nQTS 4.2.6: Photo Station 5.2.14 and later"
}
],
"source": {
"advisory": "QSA-22-24",
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2022-27593",
"datePublished": "2022-09-08T11:00:15.069Z",
"dateReserved": "2022-03-21T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:35.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24854 (GCVE-0-2022-24854)
Vulnerability from cvelistv5 – Published: 2022-04-14 21:40 – Updated: 2025-04-23 18:39- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
| URL | Tags |
|---|---|
| https://github.com/metabase/metabase/security/adv… | x_refsource_CONFIRM |
| https://www.sqlite.org/lang_attach.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-vm79-xvmp-7329"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sqlite.org/lang_attach.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:54:14.878168Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:39:11.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.41.0, \u003c 1.41.7"
},
{
"status": "affected",
"version": "\u003e= 0.41.0, \u003c 0.41.7"
},
{
"status": "affected",
"version": "\u003e= 1.42.0, \u003c 1.42.4"
},
{
"status": "affected",
"version": "\u003e= 0.42.0, \u003c 0.42.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach this database to a second database, and then it can query across all the tables. To be able to do that the attacker also needs to know the file path to the second database. Users are advised to upgrade as soon as possible. If you\u0027re unable to upgrade, you can modify your SQLIte connection strings to contain the url argument `?limit_attached=0`, which will disallow making connections to other SQLite databases. Only users making use of SQLite are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-14T21:40:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-vm79-xvmp-7329"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sqlite.org/lang_attach.html"
}
],
"source": {
"advisory": "GHSA-vm79-xvmp-7329",
"discovery": "UNKNOWN"
},
"title": "Database bypassing any permissions in Metabase via SQlite attach",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-24854",
"STATE": "PUBLIC",
"TITLE": "Database bypassing any permissions in Metabase via SQlite attach"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "metabase",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.41.0, \u003c 1.41.7"
},
{
"version_value": "\u003e= 0.41.0, \u003c 0.41.7"
},
{
"version_value": "\u003e= 1.42.0, \u003c 1.42.4"
},
{
"version_value": "\u003e= 0.42.0, \u003c 0.42.4"
}
]
}
}
]
},
"vendor_name": "metabase"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called `ATTACH DATABASE`, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach this database to a second database, and then it can query across all the tables. To be able to do that the attacker also needs to know the file path to the second database. Users are advised to upgrade as soon as possible. If you\u0027re unable to upgrade, you can modify your SQLIte connection strings to contain the url argument `?limit_attached=0`, which will disallow making connections to other SQLite databases. Only users making use of SQLite are affected."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-vm79-xvmp-7329",
"refsource": "CONFIRM",
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-vm79-xvmp-7329"
},
{
"name": "https://www.sqlite.org/lang_attach.html",
"refsource": "MISC",
"url": "https://www.sqlite.org/lang_attach.html"
}
]
},
"source": {
"advisory": "GHSA-vm79-xvmp-7329",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24854",
"datePublished": "2022-04-14T21:40:11.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:39:11.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23439 (GCVE-0-2022-23439)
Vulnerability from cvelistv5 – Published: 2025-01-22 09:10 – Updated: 2026-01-14 13:06- CWE-610 - Improper access control
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiTester |
Affected:
7.2.0 , ≤ 7.2.1
(semver)
Affected: 7.1.0 , ≤ 7.1.1 (semver) Affected: 7.0.0 Affected: 4.2.0 , ≤ 4.2.1 (semver) Affected: 4.1.0 , ≤ 4.1.1 (semver) Affected: 4.0.0 Affected: 3.9.0 , ≤ 3.9.2 (semver) Affected: 3.8.0 Affected: 3.7.0 , ≤ 3.7.1 (semver) Affected: 3.6.0 Affected: 3.5.0 , ≤ 3.5.1 (semver) Affected: 3.4.0 Affected: 3.3.0 , ≤ 3.3.1 (semver) cpe:2.3:a:fortinet:fortitester:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:4.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:3.9.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:3.9.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:3.9.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:3.8.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:3.7.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:3.7.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:3.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:3.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:3.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortitester:3.3.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiOS |
Affected:
7.2.0
Affected: 7.0.0 , ≤ 7.0.5 (semver) Affected: 6.4.0 , ≤ 6.4.16 (semver) Affected: 6.2.0 , ≤ 6.2.17 (semver) Affected: 6.0.0 , ≤ 6.0.18 (semver) Affected: 6.4.0 , < 6.4.* (semver) cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.17:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:6.4.*:*:*:*:*:*:*:* |
|
| Fortinet | FortiRecorder |
Affected:
6.4.0 , ≤ 6.4.2
(semver)
Affected: 6.0.0 , ≤ 6.0.10 (semver) Affected: 2.7.0 , ≤ 2.7.7 (semver) Affected: 2.6.0 , ≤ 2.6.3 (semver) cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiNDR |
Affected:
7.2.0
Affected: 7.1.0 Affected: 7.0.0 , ≤ 7.0.7 (semver) Affected: 1.5.0 , ≤ 1.5.3 (semver) Affected: 1.4.0 Affected: 1.3.0 , ≤ 1.3.1 (semver) Affected: 1.2.0 Affected: 1.1.0 cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortindr:1.1.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiADC |
Affected:
7.0.0 , ≤ 7.0.1
(semver)
Affected: 6.2.0 , ≤ 6.2.3 (semver) Affected: 6.1.0 , ≤ 6.1.6 (semver) Affected: 6.0.0 , ≤ 6.0.4 (semver) Affected: 5.4.0 , ≤ 5.4.5 (semver) Affected: 5.3.0 , ≤ 5.3.7 (semver) Affected: 5.2.0 , ≤ 5.2.8 (semver) Affected: 5.1.0 , ≤ 5.1.7 (semver) Affected: 5.0.0 , ≤ 5.0.4 (semver) cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:* cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiManager |
Affected:
7.4.0 , ≤ 7.4.3
(semver)
Affected: 7.2.0 , ≤ 7.2.11 (semver) Affected: 7.0.0 , ≤ 7.0.15 (semver) Affected: 6.4.0 , ≤ 6.4.15 (semver) Affected: 6.2.0 , ≤ 6.2.13 (semver) cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiVoice |
Affected:
7.0.0 , ≤ 7.0.1
(semver)
Affected: 6.4.0 , ≤ 6.4.8 (semver) Affected: 6.0.0 , ≤ 6.0.11 (semver) cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSOAR on-premise |
Affected:
7.2.0 , ≤ 7.2.2
(semver)
Affected: 7.0.0 , ≤ 7.0.3 (semver) Affected: 6.4.3 , ≤ 6.4.4 (semver) Affected: 6.4.0 , ≤ 6.4.1 (semver) cpe:2.3:a:fortinet:fortisoaron-premise:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoaron-premise:6.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiDDoS |
Affected:
5.5.0 , ≤ 5.5.1
(semver)
Affected: 5.4.0 , ≤ 5.4.3 (semver) Affected: 5.3.0 , ≤ 5.3.2 (semver) Affected: 5.2.0 Affected: 5.1.0 Affected: 5.0.0 Affected: 4.7.0 Affected: 4.6.0 Affected: 4.5.0 cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiWLC |
Affected:
8.6.0 , ≤ 8.6.7
(semver)
Affected: 8.5.0 , ≤ 8.5.5 (semver) Affected: 8.4.4 , ≤ 8.4.8 (semver) Affected: 8.4.0 , ≤ 8.4.2 (semver) cpe:2.3:a:fortinet:fortiwlc:8.6.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.6.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.6.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.6.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.6.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.6.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.5.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.5.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiAnalyzer |
Affected:
7.4.0 , ≤ 7.4.2
(semver)
Affected: 7.2.0 , ≤ 7.2.11 (semver) Affected: 7.0.0 , ≤ 7.0.15 (semver) Affected: 6.4.0 , ≤ 6.4.15 (semver) Affected: 6.2.0 , ≤ 6.2.13 (semver) cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiPortal |
Affected:
6.0.0 , ≤ 6.0.9
(semver)
cpe:2.3:a:fortinet:fortiportal:6.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:6.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiportal:6.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiAuthenticator |
Affected:
6.4.0 , ≤ 6.4.1
(semver)
Affected: 6.3.0 , ≤ 6.3.3 (semver) Affected: 6.2.0 , ≤ 6.2.2 (semver) Affected: 6.1.0 , ≤ 6.1.3 (semver) Affected: 6.0.0 , ≤ 6.0.8 (semver) Affected: 5.5.0 Affected: 5.4.0 , ≤ 5.4.1 (semver) Affected: 5.3.0 , ≤ 5.3.1 (semver) Affected: 5.2.0 , ≤ 5.2.2 (semver) Affected: 5.1.0 , ≤ 5.1.2 (semver) cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiMail |
Affected:
7.0.0 , ≤ 7.0.3
(semver)
Affected: 6.4.0 , ≤ 6.4.8 (semver) Affected: 6.2.0 , ≤ 6.2.9 (semver) Affected: 6.0.0 , ≤ 6.0.12 (semver) Affected: 5.4.0 , ≤ 5.4.12 (semver) cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiDDoS-F |
Affected:
6.3.0 , ≤ 6.3.3
(semver)
Affected: 6.2.0 , ≤ 6.2.3 (semver) Affected: 6.1.0 , ≤ 6.1.5 (semver) cpe:2.3:o:fortinet:fortiddos-f:6.3.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos-f:6.3.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos-f:6.3.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos-f:6.2.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos-f:6.1.5:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiSwitch |
Affected:
7.0.0 , ≤ 7.0.4
(semver)
Affected: 6.4.0 , ≤ 6.4.10 (semver) Affected: 6.2.0 , ≤ 6.2.8 (semver) Affected: 6.0.0 , ≤ 6.0.7 (semver) cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:* |
|
| Fortinet | FortiProxy |
Affected:
7.0.0 , ≤ 7.0.4
(semver)
Affected: 2.0.0 , ≤ 2.0.14 (semver) Affected: 1.2.0 , ≤ 1.2.13 (semver) Affected: 1.1.0 , ≤ 1.1.6 (semver) Affected: 1.0.0 , ≤ 1.0.7 (semver) cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:2.0.14:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:2.0.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:2.0.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:2.0.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:2.0.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:2.0.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:2.0.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:2.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:2.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:2.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:2.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:2.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:2.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.2.13:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.2.12:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.2.11:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.2.10:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.1.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.1.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.1.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.1.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.1.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.1.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.1.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.0.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.0.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.0.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.0.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.0.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.0.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:1.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23439",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T14:21:27.552014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T14:21:36.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:fortitester:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:4.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:4.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:4.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:4.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:4.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:3.9.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:3.9.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:3.9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:3.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:3.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:3.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:3.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:3.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:3.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:3.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:3.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortitester:3.3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiTester",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"lessThanOrEqual": "4.2.1",
"status": "affected",
"version": "4.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.1.1",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.0.0"
},
{
"lessThanOrEqual": "3.9.2",
"status": "affected",
"version": "3.9.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.8.0"
},
{
"lessThanOrEqual": "3.7.1",
"status": "affected",
"version": "3.7.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.6.0"
},
{
"lessThanOrEqual": "3.5.1",
"status": "affected",
"version": "3.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"lessThanOrEqual": "3.3.1",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.17:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.18:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.17:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.16:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortios:6.4.*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiOS",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.16",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.17",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.18",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThan": "6.4.*",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortirecorder:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.7.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.7.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.7.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.7.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.7.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.7.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.7.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortirecorder:2.6.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiRecorder",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.10",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.7.7",
"status": "affected",
"version": "2.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.6.3",
"status": "affected",
"version": "2.6.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortindr:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortindr:1.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiNDR",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.1.0"
},
{
"lessThanOrEqual": "7.0.7",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.5.3",
"status": "affected",
"version": "1.5.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.4.0"
},
{
"lessThanOrEqual": "1.3.1",
"status": "affected",
"version": "1.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.1.0"
}
]
},
{
"cpes": [
"cpe:2.3:h:fortinet:fortiadc:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.8:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.1.7:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.1.6:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.1.5:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.1.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.1.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.1.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.0.4:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.0.3:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.0.2:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.0.1:*:*:*:*:*:*:*",
"cpe:2.3:h:fortinet:fortiadc:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiADC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.1",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.3",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.6",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.4",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.5",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.3.7",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.8",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.1.7",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.0.4",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiManager",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.3",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.15",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.15",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.13",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortivoice:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortivoice:6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiVoice",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.1",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.8",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.11",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortisoaron-premise:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortisoaron-premise:6.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSOAR on-premise",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.4",
"status": "affected",
"version": "6.4.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.1",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortiddos:5.5.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.5.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.3.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:5.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos:4.5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiDDoS",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "5.5.1",
"status": "affected",
"version": "5.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.3",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.3.2",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.2.0"
},
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.0"
},
{
"status": "affected",
"version": "4.7.0"
},
{
"status": "affected",
"version": "4.6.0"
},
{
"status": "affected",
"version": "4.5.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiwlc:8.6.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.6.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.6.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.6.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.6.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.6.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.6.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.5.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.5.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiWLC",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "8.6.7",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.5",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.4.8",
"status": "affected",
"version": "8.4.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.4.2",
"status": "affected",
"version": "8.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.13:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.12:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.11:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.10:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.9:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.8:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiAnalyzer",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.11",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.15",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.15",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.13",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiportal:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiportal:6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiPortal",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.0.9",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiauthenticator:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.3.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.3.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:5.5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:5.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:5.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:5.3.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:5.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:5.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:5.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:5.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:5.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:5.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiauthenticator:5.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiAuthenticator",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.4.1",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.3",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.2",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.3",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.8",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.5.0"
},
{
"lessThanOrEqual": "5.4.1",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.3.1",
"status": "affected",
"version": "5.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.2.2",
"status": "affected",
"version": "5.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.1.2",
"status": "affected",
"version": "5.1.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortimail:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:6.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortimail:5.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiMail",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.8",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.9",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.12",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.12",
"status": "affected",
"version": "5.4.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fortinet:fortiddos-f:6.3.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.3.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.3.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.3.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.1.5:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.1.4:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.1.3:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.1.2:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:fortinet:fortiddos-f:6.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiDDoS-F",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "6.3.3",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.3",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.5",
"status": "affected",
"version": "6.1.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiswitch:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.4.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.4.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.4.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.4.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.4.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.4.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.4.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiswitch:6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiSwitch",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.4",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.4.10",
"status": "affected",
"version": "6.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.8",
"status": "affected",
"version": "6.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.7",
"status": "affected",
"version": "6.0.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:fortinet:fortiproxy:7.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:2.0.14:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:2.0.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:2.0.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:2.0.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:2.0.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:2.0.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:2.0.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:2.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:2.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:2.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:2.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:2.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:2.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:2.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.2.13:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.2.12:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.2.11:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.2.10:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.1.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.1.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.1.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.1.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.0.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.0.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.0.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.0.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:fortiproxy:1.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiProxy",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.0.4",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.14",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.2.13",
"status": "affected",
"version": "1.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.1.6",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.0.7",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A externally controlled reference to a resource in another sphere vulnerability in Fortinet allows attacker to poison web caches via crafted HTTP requests, where the `Host` header points to an arbitrary webserver"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T13:06:07.365Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.com/psirt/FG-IR-23-494",
"url": "https://fortiguard.com/psirt/FG-IR-23-494"
}
],
"solutions": [
{
"lang": "en",
"value": "FortiOS\nAdministrative Interface\nUpgrade to FortiOS version 7.0.6 and above,\nUpgrade to FortiOS version 7.2.1 and above.\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nSSLVPN interface\nUpgrade to FortiOS version 7.4.0 or above\nUpgrade to FortiOS version 7.2.5 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebfilter interface (port 8008)\nUpgrade to FortiOS version 7.4.0 or above\nUpgrade to FortiOS version 7.2.5 or above\nUpgrade to FortiOS version 7.0.12 or above\nUpgrade to FortiOS version 6.4.13 or above\n\nFortiProxy\nAdministrative Interface\nUpgrade to FortiProxy version 7.0.5 and above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nSSLVPN interface\nUpgrade to FortiProxy version 7.4.0 or above\nAND\nSet the `server-hostname` property to the device hostname, which will disable `Host redirection` for SSL VPN:\nconfig vpn ssl settings\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0set server-hostname Server hostname for HTTPS. When set, will be used for SSL VPN web proxy host header for any redirection.\n\nWebFilter\u00a0interface (port 8008)\nUpgrade to FortiProxy version 7.4.0 or above\n\nUpgrade to FortiRecorder version 7.0.0 or above \nUpgrade to FortiRecorder version 6.4.3 or above \nUpgrade to FortiRecorder version 6.0.11 or above \nUpgrade to FortiNDR version 7.4.0 or above\n\nFortiAnalyzer \u0026 FortiManager\n\nUpgrade to version 7.6.0 or above \nUpgrade to version 7.4.4 or above \n\nSet the `admin-host` property to the device hostname, which will disable `Host redirection` for administrative interface.\nconfig system global\n set admin-host \nend\n\nFortiNDR\nUpgrade to FortiNDR version 7.2.1 or above\nUpgrade to FortiNDR version 7.1.1 or above\nAND\nSet the `https-redirect-host` property to the device hostname, which will disable `Host redirection`:\nconfig system global\n\u00a0 \u00a0 set https-redirect-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\nend\n\nFortiADC\nUpgrade to FortiADC version 7.1.0 or above\nUpgrade to FortiADC version 7.0.2 or above\nUpgrade to FortiADC version 6.2.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n\u00a0 config system global\n\u00a0 \u00a0 set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\"\n\nFortiDDOS-F\nUpgrade to FortiDDoS-F version 6.4.0 or above\nUpgrade to FortiDDoS-F version 6.3.4 or above\nAND\nSet the `admin-host` property to the device hostname, which will disable `Host redirection`:\n\u00a0 config system global\n\u00a0 \u00a0 set admin-host \"Administrative host for HTTP and HTTPs. When set, will be used in lieu of the client\u0027s Host header for any redirection\" \n\nUpgrade to FortiSwitch version 7.2.0 or above \nUpgrade to FortiSwitch version 7.0.5 or above \nUpgrade to FortiSwitch version 6.4.11 or above \nUpgrade to FortiVoice version 7.0.2 or above\nUpgrade to FortiVoice version 6.4.9 or above\nUpgrade to FortiMail version 7.2.0 or above \nUpgrade to FortiMail version 7.0.4 or above \nUpgrade to FortiWLC version 8.6.7 or above \nUpgrade to FortiAuthenticator version 6.4.2 or above \nUpgrade to FortiAuthenticator version 6.3.4 or above \nUpgrade to FortiDDoS version 5.6.0 or above \nUpgrade to FortiDDoS version 5.5.2 or above \nUpgrade to FortiSOAR version 7.3.0 or above \nUpgrade to FortiTester version 7.3.0 or above \nUpgrade to FortiTester version 7.2.2 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2022-23439",
"datePublished": "2025-01-22T09:10:28.669Z",
"dateReserved": "2022-01-19T07:38:03.512Z",
"dateUpdated": "2026-01-14T13:06:07.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-43844 (GCVE-0-2021-43844)
Vulnerability from cvelistv5 – Published: 2021-12-20 21:20 – Updated: 2024-08-04 04:10- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
| URL | Tags |
|---|---|
| https://github.com/rcmaehl/MSEdgeRedirect/securit… | x_refsource_CONFIRM |
| https://github.com/rcmaehl/MSEdgeRedirect/release… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| rcmaehl | MSEdgeRedirect |
Affected:
< 0.5.0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rcmaehl/MSEdgeRedirect/security/advisories/GHSA-95v4-748v-fmf9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rcmaehl/MSEdgeRedirect/releases/tag/0.5.0.1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MSEdgeRedirect",
"vendor": "rcmaehl",
"versions": [
{
"status": "affected",
"version": "\u003c 0.5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user\u0027s default browser. MSEdgeRedirect versions before 0.5.0.1 are vulnerable to Remote Code Execution via specifically crafted URLs. This vulnerability requires user interaction and the acceptance of a prompt. With how MSEdgeRedirect is coded, parameters are impossible to pass to any launched file. However, there are two possible scenarios in which an attacker can do more than a minor annoyance. In Scenario 1 (confirmed), a user visits an attacker controlled webpage; the user is prompted with, and downloads, an executable payload; the user is prompted with, and accepts, the aforementioned crafted URL prompt; and RCE executes the payload the user previously downloaded, if the download path is successfully guessed. In Scenario 2 (not yet confirmed), a user visits an attacked controlled webpage; the user is prompted with, and accepts, the aforementioned crafted URL prompt; and a payload on a remote, attacker controlled, SMB server is executed. The issue was found in the _DecodeAndRun() function, in which I incorrectly assumed _WinAPI_UrlIs() would only accept web resources. Unfortunately, file:/// passes the default _WinAPI_UrlIs check(). File paths are now directly checked for and must fail. There is no currently known exploitation of this vulnerability in the wild. A patched version, 0.5.0.1, has been released that checks for and denies these crafted URLs. There are no workarounds for this issue. Users are advised not to accept any unexpected prompts from web pages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T21:20:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rcmaehl/MSEdgeRedirect/security/advisories/GHSA-95v4-748v-fmf9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rcmaehl/MSEdgeRedirect/releases/tag/0.5.0.1"
}
],
"source": {
"advisory": "GHSA-95v4-748v-fmf9",
"discovery": "UNKNOWN"
},
"title": "Externally Controlled Reference to a Resource in Another Sphere in MSEdgeRedirect",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43844",
"STATE": "PUBLIC",
"TITLE": "Externally Controlled Reference to a Resource in Another Sphere in MSEdgeRedirect"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MSEdgeRedirect",
"version": {
"version_data": [
{
"version_value": "\u003c 0.5.0.1"
}
]
}
}
]
},
"vendor_name": "rcmaehl"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user\u0027s default browser. MSEdgeRedirect versions before 0.5.0.1 are vulnerable to Remote Code Execution via specifically crafted URLs. This vulnerability requires user interaction and the acceptance of a prompt. With how MSEdgeRedirect is coded, parameters are impossible to pass to any launched file. However, there are two possible scenarios in which an attacker can do more than a minor annoyance. In Scenario 1 (confirmed), a user visits an attacker controlled webpage; the user is prompted with, and downloads, an executable payload; the user is prompted with, and accepts, the aforementioned crafted URL prompt; and RCE executes the payload the user previously downloaded, if the download path is successfully guessed. In Scenario 2 (not yet confirmed), a user visits an attacked controlled webpage; the user is prompted with, and accepts, the aforementioned crafted URL prompt; and a payload on a remote, attacker controlled, SMB server is executed. The issue was found in the _DecodeAndRun() function, in which I incorrectly assumed _WinAPI_UrlIs() would only accept web resources. Unfortunately, file:/// passes the default _WinAPI_UrlIs check(). File paths are now directly checked for and must fail. There is no currently known exploitation of this vulnerability in the wild. A patched version, 0.5.0.1, has been released that checks for and denies these crafted URLs. There are no workarounds for this issue. Users are advised not to accept any unexpected prompts from web pages."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rcmaehl/MSEdgeRedirect/security/advisories/GHSA-95v4-748v-fmf9",
"refsource": "CONFIRM",
"url": "https://github.com/rcmaehl/MSEdgeRedirect/security/advisories/GHSA-95v4-748v-fmf9"
},
{
"name": "https://github.com/rcmaehl/MSEdgeRedirect/releases/tag/0.5.0.1",
"refsource": "MISC",
"url": "https://github.com/rcmaehl/MSEdgeRedirect/releases/tag/0.5.0.1"
}
]
},
"source": {
"advisory": "GHSA-95v4-748v-fmf9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43844",
"datePublished": "2021-12-20T21:20:11.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:10:16.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43794 (GCVE-0-2021-43794)
Vulnerability from cvelistv5 – Published: 2021-12-01 19:40 – Updated: 2024-08-04 04:03- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
| URL | Tags |
|---|---|
| https://github.com/discourse/discourse/commit/2da… | x_refsource_MISC |
| https://github.com/discourse/discourse/security/a… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "discourse",
"vendor": "discourse",
"versions": [
{
"status": "affected",
"version": "stable \u003c 2.7.11"
},
{
"status": "affected",
"version": "beta \u003c 2.8.0.beta9"
},
{
"status": "affected",
"version": "tests-passed \u003c 2.8.0.beta9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-01T19:40:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp"
}
],
"source": {
"advisory": "GHSA-249g-pc77-65hp",
"discovery": "UNKNOWN"
},
"title": "Anonymous user cache poisoning via development-mode header in Discourse",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43794",
"STATE": "PUBLIC",
"TITLE": "Anonymous user cache poisoning via development-mode header in Discourse"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "discourse",
"version": {
"version_data": [
{
"version_value": "stable \u003c 2.7.11"
},
{
"version_value": "beta \u003c 2.8.0.beta9"
},
{
"version_value": "tests-passed \u003c 2.8.0.beta9"
}
]
}
}
]
},
"vendor_name": "discourse"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest stable, beta and tests-passed versions of Discourse."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1",
"refsource": "MISC",
"url": "https://github.com/discourse/discourse/commit/2da0001965c6d8632d723c46ea5df9f22a1a23f1"
},
{
"name": "https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp",
"refsource": "CONFIRM",
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-249g-pc77-65hp"
}
]
},
"source": {
"advisory": "GHSA-249g-pc77-65hp",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43794",
"datePublished": "2021-12-01T19:40:10.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:03:08.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41244 (GCVE-0-2021-41244)
Vulnerability from cvelistv5 – Published: 2021-11-15 20:05 – Updated: 2024-08-04 03:08- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
| URL | Tags |
|---|---|
| https://github.com/grafana/grafana/security/advis… | x_refsource_CONFIRM |
| https://grafana.com/blog/2021/11/15/grafana-8.2.4… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2021/11/15/1 | mailing-listx_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-2021122… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:31.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-mpwp-42x6-4wmx"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/"
},
{
"name": "[oss-security] 20211115 Grafana 8.2.4 released with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/11/15/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211223-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "grafana",
"vendor": "grafana",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users\u2019 roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users\u0027 roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T12:07:05.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-mpwp-42x6-4wmx"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/"
},
{
"name": "[oss-security] 20211115 Grafana 8.2.4 released with security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/11/15/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211223-0001/"
}
],
"source": {
"advisory": "GHSA-mpwp-42x6-4wmx",
"discovery": "UNKNOWN"
},
"title": "Cross organization admin control in Grafana",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41244",
"STATE": "PUBLIC",
"TITLE": "Cross organization admin control in Grafana"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "grafana",
"version": {
"version_data": [
{
"version_value": "\u003e= 8.0.0, \u003c 8.2.4"
}
]
}
}
]
},
"vendor_name": "grafana"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users\u2019 roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users\u0027 roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/grafana/grafana/security/advisories/GHSA-mpwp-42x6-4wmx",
"refsource": "CONFIRM",
"url": "https://github.com/grafana/grafana/security/advisories/GHSA-mpwp-42x6-4wmx"
},
{
"name": "https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/",
"refsource": "MISC",
"url": "https://grafana.com/blog/2021/11/15/grafana-8.2.4-released-with-security-fixes/"
},
{
"name": "[oss-security] 20211115 Grafana 8.2.4 released with security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/11/15/1"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211223-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211223-0001/"
}
]
},
"source": {
"advisory": "GHSA-mpwp-42x6-4wmx",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41244",
"datePublished": "2021-11-15T20:05:11.000Z",
"dateReserved": "2021-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:08:31.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27648 (GCVE-0-2021-27648)
Vulnerability from cvelistv5 – Published: 2021-04-28 07:25 – Updated: 2024-09-16 16:58- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
| URL | Tags |
|---|---|
| https://www.synology.com/security/advisory/Synolo… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Synology | Synology Antivirus Essential |
Affected:
unspecified , < 1.4.8-2801
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Synology Antivirus Essential",
"vendor": "Synology",
"versions": [
{
"lessThan": "1.4.8-2801",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-28T07:25:14.000Z",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2021-04-28T04:03:57.517952",
"ID": "CVE-2021-27648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Synology Antivirus Essential",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.4.8-2801"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via unspecified vectors."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.0",
"vectorString": "AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_21_15",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_21_15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2021-27648",
"datePublished": "2021-04-28T07:25:14.326Z",
"dateReserved": "2021-02-24T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:58:04.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3779 (GCVE-0-2021-3779)
Vulnerability from cvelistv5 – Published: 2022-06-28 16:30 – Updated: 2024-09-17 00:16- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
| URL | Tags |
|---|---|
| https://www.rapid7.com/blog/post/2022/06/28/cve-2… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Tomita Masahiro | ruby-mysql |
Affected:
2.9.14 , ≤ 2.9.14
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:09:08.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ruby-mysql",
"vendor": "Tomita Masahiro",
"versions": [
{
"lessThanOrEqual": "2.9.14",
"status": "affected",
"version": "2.9.14",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Hans-Martin M\u00fcnch of MOGWAI LABS GmbH, reported by Rapid7, coordinated by CERT/CC and JPCERT/CC"
}
],
"datePublic": "2022-06-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T16:30:15.000Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.10.0 or later of ruby-mysql"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ruby-MySQL Gem Client File Read",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2022-06-28T15:00:00.000Z",
"ID": "CVE-2021-3779",
"STATE": "PUBLIC",
"TITLE": "Ruby-MySQL Gem Client File Read"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ruby-mysql",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.9.14",
"version_value": "2.9.14"
}
]
}
}
]
},
"vendor_name": "Tomita Masahiro"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by Hans-Martin M\u00fcnch of MOGWAI LABS GmbH, reported by Rapid7, coordinated by CERT/CC and JPCERT/CC"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed/",
"refsource": "MISC",
"url": "https://www.rapid7.com/blog/post/2022/06/28/cve-2021-3779-ruby-mysql-gem-client-file-read-fixed/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.10.0 or later of ruby-mysql"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2021-3779",
"datePublished": "2022-06-28T16:30:15.611Z",
"dateReserved": "2021-09-07T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:16:17.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8226 (GCVE-0-2020-8226)
Vulnerability from cvelistv5 – Published: 2020-08-17 15:37 – Updated: 2024-08-04 09:56- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere (CWE-610)
| URL | Tags |
|---|---|
| https://www.phpbb.com/community/viewtopic.php?f=1… | x_refsource_MISC |
| https://www.phpbb.com/community/viewtopic.php?f=1… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | https://github.com/phpbb/phpbb |
Affected:
3.2.10 and 3.3.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.phpbb.com/community/viewtopic.php?f=14\u0026t=2562631"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.phpbb.com/community/viewtopic.php?f=14\u0026t=2562636"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/phpbb/phpbb",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.2.10 and 3.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in phpBB \u003cv3.2.10 and \u003cv3.3.1 which allowed remote image dimensions check to be used to SSRF."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "Externally Controlled Reference to a Resource in Another Sphere (CWE-610)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-17T15:37:51.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.phpbb.com/community/viewtopic.php?f=14\u0026t=2562631"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.phpbb.com/community/viewtopic.php?f=14\u0026t=2562636"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "https://github.com/phpbb/phpbb",
"version": {
"version_data": [
{
"version_value": "3.2.10 and 3.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in phpBB \u003cv3.2.10 and \u003cv3.3.1 which allowed remote image dimensions check to be used to SSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Externally Controlled Reference to a Resource in Another Sphere (CWE-610)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.phpbb.com/community/viewtopic.php?f=14\u0026t=2562631",
"refsource": "MISC",
"url": "https://www.phpbb.com/community/viewtopic.php?f=14\u0026t=2562631"
},
{
"name": "https://www.phpbb.com/community/viewtopic.php?f=14\u0026t=2562636",
"refsource": "MISC",
"url": "https://www.phpbb.com/community/viewtopic.php?f=14\u0026t=2562636"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8226",
"datePublished": "2020-08-17T15:37:51.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:56:27.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12475 (GCVE-0-2018-12475)
Vulnerability from cvelistv5 – Published: 2020-09-01 11:55 – Updated: 2024-09-17 00:36- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1107821 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| openSUSE | Open Build Service |
Affected:
obs-service-download_files , ≤ 0.6.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:06.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1107821"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Open Build Service",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "0.6.2",
"status": "affected",
"version": "obs-service-download_files",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2020-05-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. This issue affects: openSUSE Open Build Service ."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:48.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1107821"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1107821",
"defect": [
"1107821"
],
"discovery": "INTERNAL"
},
"title": "obs-service-download_files allows downloading from localhost or intranet hosts",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"DATE_PUBLIC": "2020-05-11T00:00:00.000Z",
"ID": "CVE-2018-12475",
"STATE": "PUBLIC",
"TITLE": "obs-service-download_files allows downloading from localhost or intranet hosts"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Build Service",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "obs-service-download_files",
"version_value": "0.6.2"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request against internal networks and potentially downloading data that is exposed there. This issue affects: openSUSE Open Build Service ."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-610: Externally Controlled Reference to a Resource in Another Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1107821",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1107821"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1107821",
"defect": [
"1107821"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-12475",
"datePublished": "2020-09-01T11:55:11.943Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:36:57.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
CAPEC-219: XML Routing Detour Attacks
An attacker subverts an intermediate system used to process XML content and forces the intermediate to modify and/or re-route the processing of the content. XML Routing Detour Attacks are Adversary in the Middle type attacks (CAPEC-94). The attacker compromises or inserts an intermediate system in the processing of the XML message. For example, WS-Routing can be used to specify a series of nodes or intermediaries through which content is passed. If any of the intermediate nodes in this route are compromised by an attacker they could be used for a routing detour attack. From the compromised system the attacker is able to route the XML process to other nodes of their choice and modify the responses so that the normal chain of processing is unaware of the interception. This system can forward the message to an outside entity and hide the forwarding and processing from the legitimate processing systems by altering the header information.