CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-36167

An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6 and below and 6.2.8 and below may allow an unauthenticated attacker to bypass the webfilter control via modifying the session-id paramater.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.2%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 5.0

References

Products affected by CVE-2021-36167

Fortinet » Forticlient » Version: 6.2.7

cpe:2.3:a:fortinet:forticlient:6.2.7
Fortinet » Forticlient » Version: 6.4.0

cpe:2.3:a:fortinet:forticlient:6.4.0
Fortinet » Forticlient » Version: 6.4.1

cpe:2.3:a:fortinet:forticlient:6.4.1
Fortinet » Forticlient » Version: 6.4.2

cpe:2.3:a:fortinet:forticlient:6.4.2
Fortinet » Forticlient » Version: 6.4.3

cpe:2.3:a:fortinet:forticlient:6.4.3
Fortinet » Forticlient » Version: 6.4.4

cpe:2.3:a:fortinet:forticlient:6.4.4
Fortinet » Forticlient » Version: 6.4.5

cpe:2.3:a:fortinet:forticlient:6.4.5
Fortinet » Forticlient » Version: 6.4.6

cpe:2.3:a:fortinet:forticlient:6.4.6
Fortinet » Forticlient » Version: 7.0.0

cpe:2.3:a:fortinet:forticlient:7.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-36167

Products

Pricing

Contact Us