A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers.
History

Fri, 25 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published: 2021-12-08T12:33:18

Updated: 2024-10-25T13:40:38.183Z

Reserved: 2021-10-28T00:00:00

Link: CVE-2021-43064

cve-icon Vulnrichment

Updated: 2024-08-04T03:47:13.307Z

cve-icon NVD

Status : Modified

Published: 2021-12-08T13:15:08.073

Modified: 2024-11-21T06:28:37.703

Link: CVE-2021-43064

cve-icon Redhat

No data.