Vulnerabilities related to fortinet - fortianalyzer-200d
var-201311-0370
Vulnerability from variot

cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks. Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions in the context of the device running the affected application; the NVD record for this CVE marks user interaction as required. Other attacks are also possible. FortiAnalyzer versions prior to 4.3.7 and 5.0.5 are vulnerable. Fortinet FortiAnalyzer is a centralized network security reporting solution. It is mainly used to collect network log data and to analyze, report on, and archive the security events, network traffic, and web content in those logs through its report suite. The vulnerability is caused by the program not correctly validating the 'csrf_token' parameter.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201311-0370",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "fortianalyzer",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": "5.0.4"
      },
      {
        "model": "fortianalyzer-1000d",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer-200d",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer-300d",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer-4000b",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer-2000b",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer-3000d",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "fortinet",
        "version": "5.0.5"
      },
      {
        "model": "fortianalyzer-1000d",
        "scope": null,
        "trust": 0.8,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer-2000b",
        "scope": null,
        "trust": 0.8,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer-200d",
        "scope": null,
        "trust": 0.8,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer-3000d",
        "scope": null,
        "trust": 0.8,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer-300d",
        "scope": null,
        "trust": 0.8,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer-4000b",
        "scope": null,
        "trust": 0.8,
        "vendor": "fortinet",
        "version": null
      },
      {
        "model": "fortianalyzer",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "fortinet",
        "version": "5.0.4"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005213"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-181"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6826"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:fortinet:fortianalyzer_firmware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:fortinet:fortianalyzer-1000d",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:fortinet:fortianalyzer-2000b",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:fortinet:fortianalyzer-200d",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:fortinet:fortianalyzer-3000d",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:fortinet:fortianalyzer-300d",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:fortinet:fortianalyzer-4000b",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005213"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "William Costa",
    "sources": [
      {
        "db": "BID",
        "id": "63663"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-181"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-6826",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2013-6826",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-66828",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-6826",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-6826",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201311-181",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-66828",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005213"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-181"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6826"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks. \nExploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions in the context of the device running the affected application. Other attacks are also possible. \nVersions prior to Fortianalyzer 4.3.7 and 5.0.5 are vulnerable. Fortinet FortiAnalyzer is a centralized network security reporting solution from Fortinet. This solution is mainly used to collect network log data, and analyze, report, and archive the security events, network traffic, and Web content in the logs through the report suite. The vulnerability is caused by the program not filtering the \u0027csrf_token\u0027 parameter correctly",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6826"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005213"
      },
      {
        "db": "BID",
        "id": "63663"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66828"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-66828",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66828"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6826",
        "trust": 2.8
      },
      {
        "db": "PACKETSTORM",
        "id": "123980",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "63663",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005213",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-181",
        "trust": 0.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "38824",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-66828",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66828"
      },
      {
        "db": "BID",
        "id": "63663"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005213"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-181"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6826"
      }
    ]
  },
  "id": "VAR-201311-0370",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66828"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T23:12:48.084000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FortiAnalyzer",
        "trust": 0.8,
        "url": "http://www.fortinet.co.jp/doc/FortiAnalyzer_DS.pdf"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005213"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005213"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6826"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/63663"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6826"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6826"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66828"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005213"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-181"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6826"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-66828"
      },
      {
        "db": "BID",
        "id": "63663"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005213"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-181"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6826"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-11-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66828"
      },
      {
        "date": "2013-11-12T00:00:00",
        "db": "BID",
        "id": "63663"
      },
      {
        "date": "2013-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005213"
      },
      {
        "date": "2013-11-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-181"
      },
      {
        "date": "2013-11-20T14:12:31.070000",
        "db": "NVD",
        "id": "CVE-2013-6826"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-11-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66828"
      },
      {
        "date": "2013-11-27T00:25:00",
        "db": "BID",
        "id": "63663"
      },
      {
        "date": "2013-11-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005213"
      },
      {
        "date": "2013-11-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-181"
      },
      {
        "date": "2024-11-21T01:59:47.160000",
        "db": "NVD",
        "id": "CVE-2013-6826"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-181"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Fortinet FortiAnalyzer Vulnerable to cross-site request forgery attacks",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005213"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-181"
      }
    ],
    "trust": 0.6
  }
}

Vulnerability from fkie_nvd
Published
2013-11-20 14:12
Modified
2024-11-21 01:59
Severity ?
Summary
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fortinet:fortianalyzer_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "93A2AD3B-02DC-48AC-9A76-7CB8854E52C1",
              "versionEndIncluding": "5.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fortinet:fortianalyzer-1000d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "646FBB7D-FB82-491E-8C03-E0D129B7A040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortianalyzer-2000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C066180-4970-46F3-86E5-EFE53FBE58FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortianalyzer-200d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4962F12-7C53-4BAD-B6BD-A478AC398A84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortianalyzer-3000d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73A52694-D20A-4D42-B33F-3C7623BF800B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortianalyzer-300d:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FCB9155-75A9-413C-B660-DD21D52F889A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:fortinet:fortianalyzer-4000b:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA710178-3B33-44FA-8560-08CC0362188E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks."
    },
    {
      "lang": "es",
      "value": "cgi-bin/module/sysmanager/admin/SYSAdminUserDialog en Fortinet FortiAnalyzer anterior a la versi\u00f3n 5.0.5 no valida adecuadamente el par\u00e1metro csrf_token, lo que permite a atacantes remotos realizar ataques de CSRF."
    }
  ],
  "id": "CVE-2013-6826",
  "lastModified": "2024-11-21T01:59:47.160",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-11-20T14:12:31.070",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/63663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/63663"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2013-6826
Vulnerability from cvelistv5
Published
2013-11-19 19:00
Modified
2024-09-16 23:56
Severity ?
Summary
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:46:23.905Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
          },
          {
            "name": "63663",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/63663"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-11-19T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
        },
        {
          "name": "63663",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/63663"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-6826",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/123980/fortianalyzer-xsrf.txt"
            },
            {
              "name": "63663",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/63663"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-6826",
    "datePublished": "2013-11-19T19:00:00Z",
    "dateReserved": "2013-11-19T00:00:00Z",
    "dateUpdated": "2024-09-16T23:56:53.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}