A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-21-214 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:39
Type | Values Removed | Values Added |
---|---|---|
Summary | A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session. |
24 Feb 2023, 23:47
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://fortiguard.com/psirt/FG-IR-21-214 - Vendor Advisory | |
CWE | CWE-384 | |
First Time |
Fortinet fortiweb
Fortinet |
16 Feb 2023, 19:39
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-16 19:15
Updated : 2023-12-10 14:48
NVD link : CVE-2021-42761
Mitre link : CVE-2021-42761
CVE.ORG link : CVE-2021-42761
JSON object : View
Products Affected
fortinet
- fortiweb
CWE
CWE-384
Session Fixation