{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-42761","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2021-10-20T17:44:45.605Z","datePublished":"2023-02-16T18:05:36.868Z","dateUpdated":"2024-10-23T14:50:09.331Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiWeb","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.2","status":"affected"},{"versionType":"semver","version":"6.3.0","lessThanOrEqual":"6.3.16","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.6","status":"affected"},{"versionType":"semver","version":"6.1.0","lessThanOrEqual":"6.1.2","status":"affected"},{"versionType":"semver","version":"6.0.0","lessThanOrEqual":"6.0.7","status":"affected"},{"versionType":"semver","version":"5.9.0","lessThanOrEqual":"5.9.1","status":"affected"},{"versionType":"semver","version":"5.8.5","lessThanOrEqual":"5.8.7","status":"affected"},{"versionType":"semver","version":"5.8.0","lessThanOrEqual":"5.8.3","status":"affected"},{"versionType":"semver","version":"5.7.0","lessThanOrEqual":"5.7.3","status":"affected"},{"versionType":"semver","version":"5.6.0","lessThanOrEqual":"5.6.2","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-02-16T18:05:36.868Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-384","description":"Improper access control","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiWeb version 7.0.0 or above\r\nPlease upgrade to FortiWeb version 6.3.17 or above\r\nPlease upgrade to FortiWeb version 6.2.7 or above\r\nPlease upgrade to FortiWeb version 6.1.3 or above\r\nPlease upgrade to FortiWeb version 6.0.8 or above\r\nPlease upgrade to FortiWeb version 5.9.2 or above"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-21-214","url":"https://fortiguard.com/psirt/FG-IR-21-214"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T03:38:50.222Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-21-214","url":"https://fortiguard.com/psirt/FG-IR-21-214","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-23T14:11:58.060246Z","id":"CVE-2021-42761","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-23T14:50:09.331Z"}}]}}