{"containers":{"cna":{"affected":[{"product":"Fortinet FortiWeb","vendor":"Fortinet","versions":[{"status":"affected","version":"FortiWeb 6.4.1, 6.4.0, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0"}]}],"descriptions":[{"lang":"en","value":"A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"LOW","baseScore":5.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","exploitCodeMaturity":"PROOF_OF_CONCEPT","integrityImpact":"LOW","privilegesRequired":"LOW","remediationLevel":"NOT_DEFINED","reportConfidence":"CONFIRMED","scope":"UNCHANGED","temporalScore":5.2,"temporalSeverity":"MEDIUM","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C","version":"3.1"}}],"problemTypes":[{"descriptions":[{"description":"Improper access control","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2021-12-08T13:11:04.000Z","orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://fortiguard.com/advisory/FG-IR-21-123"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@fortinet.com","ID":"CVE-2021-36190","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Fortinet FortiWeb","version":{"version_data":[{"version_value":"FortiWeb 6.4.1, 6.4.0, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0"}]}}]},"vendor_name":"Fortinet"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests."}]},"impact":{"cvss":{"attackComplexity":"Low","attackVector":"Adjacent","availabilityImpact":"Low","baseScore":5.2,"baseSeverity":"Medium","confidentialityImpact":"Low","integrityImpact":"Low","privilegesRequired":"Low","scope":"Unchanged","userInteraction":"None","vectorString":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:C","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper access control"}]}]},"references":{"reference_data":[{"name":"https://fortiguard.com/advisory/FG-IR-21-123","refsource":"CONFIRM","url":"https://fortiguard.com/advisory/FG-IR-21-123"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T00:54:50.147Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://fortiguard.com/advisory/FG-IR-21-123"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-23T13:57:38.578236Z","id":"CVE-2021-36190","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-25T13:39:43.483Z"}}]},"cveMetadata":{"assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","assignerShortName":"fortinet","cveId":"CVE-2021-36190","datePublished":"2021-12-08T13:11:05.000Z","dateReserved":"2021-07-06T00:00:00.000Z","dateUpdated":"2024-10-25T13:39:43.483Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}