VYPR
Unrated severityNVD Advisory· Published Aug 4, 2021· Updated Oct 25, 2024

CVE-2021-36168

CVE-2021-36168

Description

A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values.

Affected products

2
  • Fortinet/Fortiportalllm-fuzzy2 versions
    <6.0.5, >=5.3.0 <5.3.6, <6.2.5+ 1 more
    • (no CPE)range: <6.0.5, >=5.3.0 <5.3.6, <6.2.5
    • (no CPE)range: FortiPortal 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.