{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-34991","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-06-09T06:59:37.970Z","datePublished":"2023-11-14T18:07:32.529Z","dateUpdated":"2025-12-16T18:23:21.749Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiWLM","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"8.6.0","lessThanOrEqual":"8.6.5","status":"affected"},{"versionType":"semver","version":"8.5.0","lessThanOrEqual":"8.5.4","status":"affected"},{"versionType":"semver","version":"8.4.0","lessThanOrEqual":"8.4.2","status":"affected"},{"versionType":"semver","version":"8.3.0","lessThanOrEqual":"8.3.2","status":"affected"},{"version":"8.2.2","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-11-14T18:07:32.529Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-89","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.3,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiWLM version 8.6.6 or above \nPlease upgrade to FortiWLM version 8.5.5 or above \n"}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-142","url":"https://fortiguard.com/psirt/FG-IR-23-142"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T16:17:04.270Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-142","url":"https://fortiguard.com/psirt/FG-IR-23-142","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-34991","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-08-15T14:59:14.045632Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-16T18:23:21.749Z"}}]}}