CVE-2022-26121

An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 3.7 LOW | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
| fortinet | CNA | 3.7 LOW | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | --- | | | | --- |
EPSS Score
Percentile: 37%
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortimanager | 5.6.0 < 𝑥 ≤ 5.6.11 |
| fortinet | fortimanager | 6.0.0 < 𝑥 ≤ 6.0.11 |
| fortinet | fortimanager | 6.2.0 < 𝑥 ≤ 6.2.9 |
| fortinet | fortimanager | 6.4.0 < 𝑥 ≤ 6.4.8 |
| fortinet | fortimanager | 7.0.0 < 𝑥 ≤ 7.0.3 |
| fortinet | fortianalyzer | 5.6.0 < 𝑥 ≤ 5.6.11 |
| fortinet | fortianalyzer | 6.0.0 < 𝑥 ≤ 6.0.11 |
| fortinet | fortianalyzer | 6.2.0 < 𝑥 ≤ 6.2.9 |
| fortinet | fortianalyzer | 6.4.0 < 𝑥 ≤ 6.4.8 |
| fortinet | fortianalyzer | 7.0.0 < 𝑥 ≤ 7.0.3 |

𝑥 = Vulnerable software versions