Vulnerability Details CVE-2021-41013
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.4%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2021-41013
-
cpe:2.3:a:fortinet:fortiweb:6.3.0
-
cpe:2.3:a:fortinet:fortiweb:6.3.1
-
cpe:2.3:a:fortinet:fortiweb:6.3.10
-
cpe:2.3:a:fortinet:fortiweb:6.3.11
-
cpe:2.3:a:fortinet:fortiweb:6.3.12
-
cpe:2.3:a:fortinet:fortiweb:6.3.13
-
cpe:2.3:a:fortinet:fortiweb:6.3.14
-
cpe:2.3:a:fortinet:fortiweb:6.3.15
-
cpe:2.3:a:fortinet:fortiweb:6.3.2
-
cpe:2.3:a:fortinet:fortiweb:6.3.3
-
cpe:2.3:a:fortinet:fortiweb:6.3.4
-
cpe:2.3:a:fortinet:fortiweb:6.3.5
-
cpe:2.3:a:fortinet:fortiweb:6.3.6
-
cpe:2.3:a:fortinet:fortiweb:6.3.7
-
cpe:2.3:a:fortinet:fortiweb:6.3.8
-
cpe:2.3:a:fortinet:fortiweb:6.3.9
-
cpe:2.3:a:fortinet:fortiweb:6.4.0
-
cpe:2.3:a:fortinet:fortiweb:6.4.1