ghsa-23cq-6739-c6x5
Vulnerability from github
Published
2021-12-10 00:00
Modified
2021-12-11 00:00
Details
A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.
{ "affected": [], "aliases": [ "CVE-2021-43071" ], "database_specific": { "cwe_ids": [ "CWE-787" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2021-12-09T10:15:00Z", "severity": "HIGH" }, "details": "A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to the LogReport API controller.", "id": "GHSA-23cq-6739-c6x5", "modified": "2021-12-11T00:00:49Z", "published": "2021-12-10T00:00:46Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43071" }, { "type": "WEB", "url": "https://fortiguard.com/advisory/FG-IR-21-188" } ], "schema_version": "1.4.0", "severity": [] }
Loading...