CVE-2021-36168

A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values.

Published: Aug 4, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-36168
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
fortinet / fortiportal	6.0.0	6.0.5
fortinet / fortiportal	5.3.0	5.3.6
fortinet / fortiportal	-	5.2.6

https://fortiguard.com/advisory/FG-IR-21-085

Vulnerability Database

289,871

CVE-2021-36168