CVE-2021-32586

Severity: 9.8 CRITICAL
EPSS: 0.4% (top 36.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 1
Latest update: Mar 2

Description

An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unauthenticated attacker to alter the environment of the underlying script interpreter via specifically crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Exploitability: 2.2 | Impact: 5.5

Affected Packages (2 packages)

NVD: fortinet/fortimail 6.0.0, 6.0.12, +4
CVEListV5: fortinet/fortinet_fortimail, FortiMail before 7.0.1

🔴 Vulnerability Details (2)

GHSA
GHSA-rmxw-r4jv-r5xm: An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7 (2022-03-02)
CVEList
CVE-2021-32586: An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7 (2022-03-01)

📋 Vendor Advisories (1)

Fortinet
An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.1 may allow an unaut... (2022-03-01)