A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-21-214 |
History
Wed, 23 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2023-02-16T18:05:36.868Z
Updated: 2024-10-23T14:50:09.331Z
Reserved: 2021-10-20T17:44:45.605Z
Link: CVE-2021-42761
Vulnrichment
Updated: 2024-08-04T03:38:50.222Z
NVD
Status : Modified
Published: 2023-02-16T19:15:11.603
Modified: 2024-11-21T06:28:07.163
Link: CVE-2021-42761
Redhat
No data.