CVE-2022-26121

EUVD-2022-30688
An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 3.7 LOW | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N |
| fortinet | CNA | 3.7 LOW | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
EPSS Score
Percentile: 38%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortimanager | 5.6.0 < 𝑥 ≤ 5.6.11 |
| fortinet | fortimanager | 6.0.0 < 𝑥 ≤ 6.0.11 |
| fortinet | fortimanager | 6.2.0 < 𝑥 ≤ 6.2.9 |
| fortinet | fortimanager | 6.4.0 < 𝑥 ≤ 6.4.8 |
| fortinet | fortimanager | 7.0.0 < 𝑥 ≤ 7.0.3 |
| fortinet | fortianalyzer | 5.6.0 < 𝑥 ≤ 5.6.11 |
| fortinet | fortianalyzer | 6.0.0 < 𝑥 ≤ 6.0.11 |
| fortinet | fortianalyzer | 6.2.0 < 𝑥 ≤ 6.2.9 |
| fortinet | fortianalyzer | 6.4.0 < 𝑥 ≤ 6.4.8 |
| fortinet | fortianalyzer | 7.0.0 < 𝑥 ≤ 7.0.3 |

𝑥 = Vulnerable software versions