CVE-2014-2336

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/61309
http://www.fortiguard.com/advisory/FG-IR-14-033/	Vendor Advisory
http://www.securityfocus.com/bid/70889
https://exchange.xforce.ibmcloud.com/vulnerabilities/98479

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:fortinet:fortimanager::::::::
	cpe:2.3:o:fortinet:fortianalyzer_firmware::::::::

History

No history.

Information

Published : 2014-10-31 14:55

Updated : 2024-02-04 18:35

NVD link : CVE-2014-2336

Mitre link : CVE-2014-2336

CVE.ORG link : CVE-2014-2336

JSON object : View

Products Affected

fortinet

fortianalyzer_firmware
fortimanager

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2014-2336", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-10-31T14:55:02.907", "references": [{"url": "http://secunia.com/advisories/61309", "source": "cve@mitre.org"}, {"url": "http://www.fortiguard.com/advisory/FG-IR-14-033/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/70889", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98479", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en la interfaz del usuario de web en Fortinet FortiManager anterior a 5.0.7 y FortiAnalyzer anterior a 5.0.7 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2014-2334 y CVE-2014-2335."}], "lastModified": "2017-08-29T01:34:30.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:fortinet:fortimanager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "753B3D8D-B699-4F54-B8D7-0F2938CA1812", "versionEndIncluding": "5.0.6"}, {"criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABDA1EDD-39A5-43F8-8C65-989A2BFD45EA", "versionEndIncluding": "5.0.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}