{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T18:46:52.118","vulnerabilities":[{"cve":{"id":"CVE-2021-32590","sourceIdentifier":"psirt@fortinet.com","published":"2021-08-04T14:15:08.200","lastModified":"2024-11-21T06:07:20.043","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow an attacker with regular user's privileges to execute arbitrary commands on the underlying SQL database via specifically crafted HTTP requests."},{"lang":"es","value":"Múltiples vulnerabilidades de neutralización inapropiada de elementos especiales usados en un comando SQL en FortiPortal versiones 6.0.0 hasta 6.0.4, versiones 5.3.0 hasta 5.3.5, versiones 5.2.0 hasta 5.2.5, y versiones 4.2.2 y anteriores pueden permitir a un atacante con privilegios de usuario regular ejecutar comandos arbitrarios en la base de datos SQL subyacente por medio de peticiones HTTP específicamente diseñadas"}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*","versionStartIncluding":"3.2.0","versionEndIncluding":"3.2.2","matchCriteriaId":"7FCD5094-CA24-4567-BCF3-6771E07406F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndIncluding":"4.0.4","matchCriteriaId":"5D792EF0-8FE3-4433-A192-816802C5CEC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.0","versionEndIncluding":"4.1.2","matchCriteriaId":"38B071DD-7C34-4EDC-9D87-EE0C32DA8256"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.0","versionEndIncluding":"4.2.4","matchCriteriaId":"638521CB-28CE-4C96-88FE-270E6E9867EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndIncluding":"5.0.3","matchCriteriaId":"4AE4255A-A854-4A11-8860-A558E1D77F30"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1.0","versionEndIncluding":"5.1.2","matchCriteriaId":"6F09B0F2-D95C-478B-9AA2-CCE1D2D1E497"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*","versionStartIncluding":"5.2.0","versionEndExcluding":"5.2.6","matchCriteriaId":"5EE99890-206F-4F97-B7A5-6E59FB77221E"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.6","matchCriteriaId":"97B4F8A2-CD69-436F-9080-323AE2ACFDA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.5","matchCriteriaId":"53B6FCC7-F713-42FC-B666-7169DC7A2BEA"}]}]}],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-21-084","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/advisory/FG-IR-21-084","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}