An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file system by means of specifically crafted XML documents.
History

Fri, 25 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2021-11-02T17:35:11

Updated: 2024-10-25T13:48:33.136Z

Reserved: 2021-07-06T00:00:00

Link: CVE-2021-36172

cve-icon Vulnrichment

Updated: 2024-08-04T00:47:43.939Z

cve-icon NVD

Status : Modified

Published: 2021-11-02T18:15:08.553

Modified: 2024-11-21T06:13:15.147

Link: CVE-2021-36172

cve-icon Redhat

No data.