Unrated severityNVD Advisory· Published Aug 4, 2021· Updated Oct 25, 2024
CVE-2021-36168
CVE-2021-36168
Description
A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values.
Affected products
2<6.0.5, >=5.3.0 <5.3.6, <6.2.5+ 1 more
- (no CPE)range: <6.0.5, >=5.3.0 <5.3.6, <6.2.5
- (no CPE)range: FortiPortal 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.2, 5.1.1, 5.1.0, 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.2.2, 4.2.1, 4.1.2, 4.1.1, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0
Patches
Vulnerability mechanics
References
1- fortiguard.com/advisory/FG-IR-21-085mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.