{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T17:19:48.028","vulnerabilities":[{"cve":{"id":"CVE-2021-36168","sourceIdentifier":"psirt@fortinet.com","published":"2021-08-04T15:15:09.117","lastModified":"2024-11-21T06:13:14.660","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows authenticated attacker to disclosure information via crafted GET request with malicious parameter values."},{"lang":"es","value":"Una limitación inapropiada de un nombre de ruta a un directorio restringido (\"Salto de Ruta\") en Fortinet FortiPortal versiones 6.x anteriores a 6.0.5, FortiPortal versiones 5.3.x anteriores a 5.3.6 y cualquier FortiPortal versiones anteriores a 6.2.5, permite a un atacante autenticado divulgar información por medio de una petición GET diseñada con valores de parámetros maliciosos"}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*","versionEndExcluding":"5.2.6","matchCriteriaId":"C05F7D12-B00B-4B09-8B86-4464E3E5127B"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3.0","versionEndExcluding":"5.3.6","matchCriteriaId":"97B4F8A2-CD69-436F-9080-323AE2ACFDA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.5","matchCriteriaId":"53B6FCC7-F713-42FC-B666-7169DC7A2BEA"}]}]}],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-21-085","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/advisory/FG-IR-21-085","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}