Search criteria
4 vulnerabilities found for fortianalyzer-4000b by fortinet
VAR-201311-0370
Vulnerability from variot - Updated: 2023-12-18 13:44cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks. Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions in the context of the device running the affected application. Other attacks are also possible. Versions prior to Fortianalyzer 4.3.7 and 5.0.5 are vulnerable. Fortinet FortiAnalyzer is a centralized network security reporting solution from Fortinet. This solution is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. The vulnerability is caused by the program not filtering the 'csrf_token' parameter correctly
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0370",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fortianalyzer",
"scope": "lte",
"trust": 1.0,
"vendor": "fortinet",
"version": "5.0.4"
},
{
"model": "fortianalyzer-300d",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer-4000b",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer-1000d",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer-200d",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer-3000d",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer-2000b",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer",
"scope": "lt",
"trust": 0.8,
"vendor": "fortinet",
"version": "5.0.5"
},
{
"model": "fortianalyzer-1000d",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer-2000b",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer-200d",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer-3000d",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer-300d",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer-4000b",
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": "fortianalyzer",
"scope": "eq",
"trust": 0.6,
"vendor": "fortinet",
"version": "5.0.4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005213"
},
{
"db": "NVD",
"id": "CVE-2013-6826"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-181"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fortinet:fortianalyzer_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fortinet:fortianalyzer-2000b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:fortinet:fortianalyzer-200d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:fortinet:fortianalyzer-4000b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:fortinet:fortianalyzer-3000d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:fortinet:fortianalyzer-1000d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:fortinet:fortianalyzer-300d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6826"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "William Costa",
"sources": [
{
"db": "BID",
"id": "63663"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-181"
}
],
"trust": 0.9
},
"cve": "CVE-2013-6826",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-6826",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-66828",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-6826",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201311-181",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-66828",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66828"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005213"
},
{
"db": "NVD",
"id": "CVE-2013-6826"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-181"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks. \nExploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions in the context of the device running the affected application. Other attacks are also possible. \nVersions prior to Fortianalyzer 4.3.7 and 5.0.5 are vulnerable. Fortinet FortiAnalyzer is a centralized network security reporting solution from Fortinet. This solution is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. The vulnerability is caused by the program not filtering the \u0027csrf_token\u0027 parameter correctly",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6826"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005213"
},
{
"db": "BID",
"id": "63663"
},
{
"db": "VULHUB",
"id": "VHN-66828"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-66828",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66828"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6826",
"trust": 2.8
},
{
"db": "PACKETSTORM",
"id": "123980",
"trust": 2.5
},
{
"db": "BID",
"id": "63663",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005213",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201311-181",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "38824",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-66828",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66828"
},
{
"db": "BID",
"id": "63663"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005213"
},
{
"db": "NVD",
"id": "CVE-2013-6826"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-181"
}
]
},
"id": "VAR-201311-0370",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-66828"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:44:31.577000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FortiAnalyzer",
"trust": 0.8,
"url": "http://www.fortinet.co.jp/doc/fortianalyzer_ds.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005213"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66828"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005213"
},
{
"db": "NVD",
"id": "CVE-2013-6826"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/63663"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6826"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6826"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66828"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005213"
},
{
"db": "NVD",
"id": "CVE-2013-6826"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-181"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-66828"
},
{
"db": "BID",
"id": "63663"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005213"
},
{
"db": "NVD",
"id": "CVE-2013-6826"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-181"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-20T00:00:00",
"db": "VULHUB",
"id": "VHN-66828"
},
{
"date": "2013-11-12T00:00:00",
"db": "BID",
"id": "63663"
},
{
"date": "2013-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005213"
},
{
"date": "2013-11-20T14:12:31.070000",
"db": "NVD",
"id": "CVE-2013-6826"
},
{
"date": "2013-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-181"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-20T00:00:00",
"db": "VULHUB",
"id": "VHN-66828"
},
{
"date": "2013-11-27T00:25:00",
"db": "BID",
"id": "63663"
},
{
"date": "2013-11-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005213"
},
{
"date": "2013-11-20T17:10:44.207000",
"db": "NVD",
"id": "CVE-2013-6826"
},
{
"date": "2013-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-181"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-181"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fortinet FortiAnalyzer Vulnerable to cross-site request forgery attacks",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005213"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-181"
}
],
"trust": 0.6
}
}
FKIE_CVE-2013-6826
Vulnerability from fkie_nvd - Published: 2013-11-20 14:12 - Updated: 2025-04-11 00:51
Severity ?
Summary
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fortinet | fortianalyzer_firmware | * | |
| fortinet | fortianalyzer-1000d | - | |
| fortinet | fortianalyzer-2000b | - | |
| fortinet | fortianalyzer-200d | - | |
| fortinet | fortianalyzer-3000d | - | |
| fortinet | fortianalyzer-300d | - | |
| fortinet | fortianalyzer-4000b | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93A2AD3B-02DC-48AC-9A76-7CB8854E52C1",
"versionEndIncluding": "5.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fortinet:fortianalyzer-1000d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "646FBB7D-FB82-491E-8C03-E0D129B7A040",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortianalyzer-2000b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C066180-4970-46F3-86E5-EFE53FBE58FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortianalyzer-200d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4962F12-7C53-4BAD-B6BD-A478AC398A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortianalyzer-3000d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73A52694-D20A-4D42-B33F-3C7623BF800B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortianalyzer-300d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FCB9155-75A9-413C-B660-DD21D52F889A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:fortinet:fortianalyzer-4000b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA710178-3B33-44FA-8560-08CC0362188E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks."
},
{
"lang": "es",
"value": "cgi-bin/module/sysmanager/admin/SYSAdminUserDialog en Fortinet FortiAnalyzer anterior a la versi\u00f3n 5.0.5 no valida adecuadamente el par\u00e1metro csrf_token, lo que permite a atacantes remotos realizar ataques de CSRF."
}
],
"id": "CVE-2013-6826",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-20T14:12:31.070",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/63663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/63663"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-6826 (GCVE-0-2013-6826)
Vulnerability from cvelistv5 – Published: 2013-11-19 19:00 – Updated: 2024-09-16 23:56
VLAI?
Summary
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
},
{
"name": "63663",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63663"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
},
{
"name": "63663",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63663"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
},
{
"name": "63663",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63663"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6826",
"datePublished": "2013-11-19T19:00:00Z",
"dateReserved": "2013-11-19T00:00:00Z",
"dateUpdated": "2024-09-16T23:56:53.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6826 (GCVE-0-2013-6826)
Vulnerability from nvd – Published: 2013-11-19 19:00 – Updated: 2024-09-16 23:56
VLAI?
Summary
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
},
{
"name": "63663",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63663"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-11-19T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
},
{
"name": "63663",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63663"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
},
{
"name": "63663",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63663"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6826",
"datePublished": "2013-11-19T19:00:00Z",
"dateReserved": "2013-11-19T00:00:00Z",
"dateUpdated": "2024-09-16T23:56:53.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}