CVE-2023-34991

{"id": "CVE-2023-34991", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@fortinet.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-11-14T18:15:30.443", "references": [{"url": "https://fortiguard.com/psirt/FG-IR-23-142", "tags": ["Vendor Advisory"], "source": "psirt@fortinet.com"}, {"url": "https://fortiguard.com/psirt/FG-IR-23-142", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@fortinet.com", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows attacker to execute unauthorized code or commands via a crafted http request."}, {"lang": "es", "value": "Una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando sql (\"inyecci\u00f3n sql\") en Fortinet FortiWLM versi\u00f3n 8.6.0 a 8.6.5 y 8.5.0 a 8.5.4 y 8.4.0 a 8.4.2 y 8.3.0 a 8.3 .2 y 8.2.2 permiten a un atacante ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de una solicitud http manipuladas."}], "lastModified": "2024-11-21T08:07:47.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "929F1380-4410-466D-9203-62414DC7A39E", "versionEndIncluding": "8.5.4", "versionStartIncluding": "8.5.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiwlm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCEDF5B8-C922-48DD-926D-788A53ACD684", "versionEndIncluding": "8.6.5", "versionStartIncluding": "8.6.0"}, {"criteria": "cpe:2.3:a:fortinet:fortiwlm:8.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2DBECF3-69BD-4622-B0B3-1F0552CBB3E8"}, {"criteria": "cpe:2.3:a:fortinet:fortiwlm:8.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A60E7E2-8A10-4C69-A86C-2D680C5E056A"}, {"criteria": "cpe:2.3:a:fortinet:fortiwlm:8.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F831179F-EC2D-4B8A-B433-CA395C1FEDA2"}, {"criteria": "cpe:2.3:a:fortinet:fortiwlm:8.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F036687E-4682-4773-9A28-33B9DB40C976"}, {"criteria": "cpe:2.3:a:fortinet:fortiwlm:8.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22C854E0-5DD1-4EB6-8F84-243067C27AE8"}, {"criteria": "cpe:2.3:a:fortinet:fortiwlm:8.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60787CAF-DF95-4691-A3C5-4A1A517DD146"}, {"criteria": "cpe:2.3:a:fortinet:fortiwlm:8.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9771B20-5C37-41ED-9DD9-19DCE1FD0F6B"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@fortinet.com"}