Unrated severityNVD Advisory· Published Nov 2, 2021· Updated Oct 25, 2024
CVE-2021-36172
CVE-2021-36172
Description
An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents.
Affected products
2<6.0.6+ 1 more
- (no CPE)range: <6.0.6
- (no CPE)range: FortiPortal before 6.0.6
Patches
Vulnerability mechanics
References
1- fortiguard.com/advisory/FG-IR-21-104mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.