var-202107-0839
Vulnerability from variot
The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges. FortiMail Is vulnerable to the use of cryptographic algorithms.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fortinet FortiMail is a suite of email security gateway products from Fortinet. The product provides features such as email security protection and data protection. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0839", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fortimail", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.4.0" }, { "model": "fortimail", "scope": "gte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.0" }, { "model": "fortimail", "scope": "lt", "trust": 1.0, "vendor": "fortinet", "version": "6.4.5" }, { "model": "fortimail", "scope": "lte", "trust": 1.0, "vendor": "fortinet", "version": "6.2.6" }, { "model": "fortimail", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.2.0 to 6.2.6" }, { "model": "fortimail", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": "6.4.0 to 6.4.4" }, { "model": "fortimail", "scope": "eq", "trust": 0.8, "vendor": "\u30d5\u30a9\u30fc\u30c6\u30a3\u30cd\u30c3\u30c8", "version": null }, { "model": "fortimail", "scope": "gte", "trust": 0.6, "vendor": "fortinet", "version": "6.4.0,\u003c=6.4.4" }, { "model": "fortimail", "scope": "gte", "trust": 0.6, "vendor": "fortinet", "version": "6.2.0,\u003c=6.2.6" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-19078" }, { "db": "JVNDB", "id": "JVNDB-2021-009855" }, { "db": "NVD", "id": "CVE-2021-26095" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.2.6", "versionStartIncluding": "6.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.4.5", "versionStartIncluding": "6.4.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-26095" } ] }, "cve": "CVE-2021-26095", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-26095", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CNVD-2022-19078", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "VHN-385059", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "psirt@fortinet.com", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-26095", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-26095", "trust": 1.8, "value": "HIGH" }, { "author": "psirt@fortinet.com", "id": "CVE-2021-26095", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2022-19078", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-843", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-385059", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-19078" }, { "db": "VULHUB", "id": "VHN-385059" }, { "db": "JVNDB", "id": "JVNDB-2021-009855" }, { "db": "NVD", "id": "CVE-2021-26095" }, { "db": "NVD", "id": "CVE-2021-26095" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-843" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may allow a remote attacker already in possession of a cookie to possibly reveal and alter or forge its content, thereby escalating privileges. FortiMail Is vulnerable to the use of cryptographic algorithms.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Fortinet FortiMail is a suite of email security gateway products from Fortinet. The product provides features such as email security protection and data protection. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-26095" }, { "db": "JVNDB", "id": "JVNDB-2021-009855" }, { "db": "CNVD", "id": "CNVD-2022-19078" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-385059" }, { "db": "VULMON", "id": "CVE-2021-26095" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-26095", "trust": 4.0 }, { "db": "JVNDB", "id": "JVNDB-2021-009855", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-19078", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2380", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071352", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-843", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-385059", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-26095", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-19078" }, { "db": "VULHUB", "id": "VHN-385059" }, { "db": "VULMON", "id": "CVE-2021-26095" }, { "db": "JVNDB", "id": "JVNDB-2021-009855" }, { "db": "NVD", "id": "CVE-2021-26095" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-843" } ] }, "id": "VAR-202107-0839", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-19078" }, { "db": "VULHUB", "id": "VHN-385059" } ], "trust": 0.06999999999999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-19078" } ] }, "last_update_date": "2023-12-18T10:50:02.755000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FG-IR-21-019", "trust": 0.8, "url": "https://fortiguard.com/advisory/fg-ir-21-019" }, { "title": "Patch for Fortinet FortiMail Encryption Issue Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/325301" }, { "title": "Fortinet FortiMail Fixes for encryption problem vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=156536" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-19078" }, { "db": "JVNDB", "id": "JVNDB-2021-009855" }, { "db": "CNNVD", "id": "CNNVD-202107-843" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD Evaluation ]", "trust": 0.8 }, { "problemtype": "CWE-327", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-385059" }, { "db": "JVNDB", "id": "JVNDB-2021-009855" }, { "db": "NVD", "id": "CVE-2021-26095" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://fortiguard.com/advisory/fg-ir-21-019" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26095" }, { "trust": 0.6, "url": "https://www.fortinet.com/products/email-security" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2380" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071352" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-19078" }, { "db": "VULHUB", "id": "VHN-385059" }, { "db": "VULMON", "id": "CVE-2021-26095" }, { "db": "JVNDB", "id": "JVNDB-2021-009855" }, { "db": "NVD", "id": "CVE-2021-26095" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-843" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-19078" }, { "db": "VULHUB", "id": "VHN-385059" }, { "db": "VULMON", "id": "CVE-2021-26095" }, { "db": "JVNDB", "id": "JVNDB-2021-009855" }, { "db": "NVD", "id": "CVE-2021-26095" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-843" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-14T00:00:00", "db": "CNVD", "id": "CNVD-2022-19078" }, { "date": "2021-07-20T00:00:00", "db": "VULHUB", "id": "VHN-385059" }, { "date": "2021-07-20T00:00:00", "db": "VULMON", "id": "CVE-2021-26095" }, { "date": "2022-06-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-009855" }, { "date": "2021-07-20T11:15:11.477000", "db": "NVD", "id": "CVE-2021-26095" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-843" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-14T00:00:00", "db": "CNVD", "id": "CNVD-2022-19078" }, { "date": "2021-07-28T00:00:00", "db": "VULHUB", "id": "VHN-385059" }, { "date": "2021-07-20T00:00:00", "db": "VULMON", "id": "CVE-2021-26095" }, { "date": "2022-06-02T06:10:00", "db": "JVNDB", "id": "JVNDB-2021-009855" }, { "date": "2023-08-08T14:22:24.967000", "db": "NVD", "id": "CVE-2021-26095" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-843" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-843" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FortiMail\u00a0 Vulnerability in using cryptographic algorithms in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-009855" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.