| IR Number | FG-IR-21-107 |
| Date | Nov 2, 2021 |
| Severity |
High |
| CVSSv3 Score | 8.3 |
| Impact | Information disclosure |
| CVE ID | CVE-2021-36184 |
| Affected Products |
FortiWLM
:
8.6.1, 8.6.0, 8.5.3, 8.5.2, 8.5.1, 8.5.0, 8.4.2, 8.4.1, 8.4.0, 8.3.2, 8.3.1, 8.3.0, 8.2.2
|
| CVRF | Download |
| Language |
Refine Search
PSIRT Advisories
FortiWLM - SQL Injection in script handlers
Summary
An improper neutralization of special elements [CWE-79] used in an SQL command vulnerability ('SQL Injection') [CWE-89] in FortiWLM may allow an authenticated attacker to disclose sensitive information via crafted HTTP requests to various controllers.
Affected Products
FortiWLM version 8.6.1 and below are impacted
Solutions
Upgrade to FortiWLM version 8.6.2 or earlier