SQL Injection Vulnerability in Fortinet FortiWLM Software
CVE-2021-42760
8.8HIGH
Summary
An improper neutralization of special elements used in SQL commands in Fortinet FortiWLM, specifically in versions 8.6.1 and earlier, permits attackers to execute crafted SQL queries. This exploitation can lead to unauthorized access and the disclosure of sensitive information stored in database tables, posing significant risks to data integrity and confidentiality.
Affected Version(s)
Fortinet FortiWLM FortiWLM 8.6.1, 8.6.0, 8.5.2, 8.5.1, 8.5.0, 8.4.2, 8.4.1, 8.4.0, 8.3.2, 8.3.1, 8.3.0, 8.2.2
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved